Something wrong with Task Manager w/ Hijackthis.log


  • This topic is locked
27 replies to this topic

#1 Qwerty_Uieo

Posted 03 October 2009 - 10:40 AM

Okay, I've been here before. And you may think, oh well, he didn't follow our advice on how to prevent viruses. Well, I am very aware of that, but I have a family, and I don't think they got the memo.

First off, Windows Task Manager doesn't tell me the user for the processes that are running. It's all just a blank white column.

Secondly, it says my CPU usage is always below 50%; sometimes it spikes to 70%, but if I run a game like Bioshock, Fallout 3, CoD:5 or 5, the CPU usually hovers around 50% yet my system struggles, and I'm pretty sure my system isn't that great (see specs in sig).

There may be other things as well, but if you can help iron them out it'll be appreciated.



---HIjackthis.log----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:29 AM, on 10/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.21\RivaTuner.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Samurize\Client.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.1.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.21\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.21\RivaTuner.exe" /T
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O8 - Extra context menu item: &Add URL Link to Netloader - file://C:\Program Files\NetLoader\NetLoader\linker.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add All URL Links to &Netloader - file://C:\Program Files\NetLoader\NetLoader\linkerall.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1235850173078
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: 0194261247979384mcinstcleanup - - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe

--
End of file - 14695 bytes
Intel Core 2 Duo 2.20GHz
DDR2 1024MB RAM
ASUSTek P5L-MX
232GB HDD (not sure of make)
BFG GeForce 8500GT 1GB (over-clocked)
D-Link wireless Router (Wired)
Windows XP SP3
Firefox , Thunderbird
ESET NOD32
Super Anti-Spyware FREE, IObit 360 Security beta

#2 myrti

Posted 21 October 2009 - 12:49 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#3 Qwerty_Uieo

Posted 21 October 2009 - 06:43 PM

Alright, for a free service, time isn't an issue.

So, onto the problems. Task Manager just isn't working properly anymore, and the CPU usage is always way too low, especially when it says it's only 30% or less when playing a game like Oblivion or Prototype. Also, for every process the "User Name" column is lacking information (not specifying what user is running which process). It shows nothing, it's all blank.

Also, at random times my computer lags (music lags (I am using foobar2000)).


OTL.txt


OTL logfile created on: 10/21/2009 7:17:38 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Marc\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.11 Mb Total Physical Memory | 432.11 Mb Available Physical Memory | 42.24% Memory free
2.40 Gb Paging File | 1.76 Gb Available in Paging File | 73.44% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 12.32 Gb Free Space | 5.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEORGE
Current User Name: Marc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/21 19:16:59 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\My Documents\Downloads\OTL.exe
PRC - [2009/10/19 22:39:47 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
PRC - [2009/09/24 15:27:48 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/10 19:39:28 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009/09/02 15:42:24 | 00,305,936 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\IS360srv.exe
PRC - [2009/08/24 16:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/22 06:25:22 | 01,655,808 | ---- | M] () -- C:\Program Files\foobar2000\foobar2000.exe
PRC - [2009/08/20 12:44:38 | 00,615,688 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009/08/04 00:19:11 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/02/06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/10 15:30:00 | 02,732,032 | ---- | M] () -- C:\Program Files\RivaTuner v2.21\RivaTuner.exe
PRC - [2008/09/14 18:38:42 | 00,648,488 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/09/10 11:22:32 | 00,229,648 | ---- | M] (Uniblue) -- C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe
PRC - [2008/07/14 13:43:04 | 00,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
PRC - [2008/04/13 20:12:19 | 00,975,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/02/15 13:46:06 | 00,249,856 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2007/09/04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/09/02 14:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/08/31 15:01:21 | 01,037,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2007/08/31 14:58:50 | 00,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/04/07 16:02:08 | 02,010,624 | ---- | M] (Samurize.com) -- C:\Program Files\Samurize\Client.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (NMIndexingService [On_Demand | Stopped])
SRV - File not found -- -- (0194261247979384mcinstcleanup [Auto | Stopped])
SRV - [2009/10/19 22:39:47 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2009/09/10 19:39:28 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2009/09/02 15:42:24 | 00,305,936 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\IS360srv.exe -- (IS360service [Auto | Running])
SRV - [2009/08/04 00:19:11 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/03 15:56:14 | 00,303,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/05/01 00:30:18 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009/02/16 20:42:00 | 02,741,114 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/09/14 18:38:42 | 00,648,488 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2008/09/10 11:22:32 | 00,229,648 | ---- | M] (Uniblue) -- C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe -- (Uniblue DiskRescue [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/26 23:08:31 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/07/14 13:43:04 | 00,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe -- (DTSRVC [Auto | Running])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2008/03/25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/09/04 19:25:44 | 00,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
SRV - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/09/29 12:48:06 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32 [Auto | Stopped])
SRV - [2006/02/28 08:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2005/08/08 00:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Disabled | Stopped])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/12/04 16:21:00 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Disabled | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/10/15 17:08:23 | 00,025,360 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\temp\QWK19E1.tmp -- (GarenaPEngine [On_Demand | Stopped])
DRV - [2009/09/19 13:40:15 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/08/07 11:22:59 | 00,296,976 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2009/07/28 10:53:16 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/07/28 10:53:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/07/28 10:53:14 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2009/07/05 15:12:22 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\Drivers\pssdk41.sys -- (PsSdk41 [On_Demand | Stopped])
DRV - [2009/06/15 14:01:00 | 00,128,016 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2009/05/16 20:59:44 | 00,019,472 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\DRIVERS\klmouflt.sys -- (klmouflt [On_Demand | Running])
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2009/04/30 22:02:00 | 08,055,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2009/04/27 15:51:22 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Stopped])
DRV - [2008/12/26 10:45:52 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2008/12/26 10:45:51 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008/12/15 20:41:32 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2008/12/10 15:30:00 | 00,009,088 | ---- | M] () -- C:\Program Files\RivaTuner v2.21\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Running])
DRV - [2008/09/16 13:15:00 | 00,004,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\NVStrap.sys -- (NVStrap [Boot | Stopped])
DRV - [2008/09/14 18:36:56 | 00,023,992 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2008/09/14 18:36:54 | 00,025,272 | ---- | M] (Pure Networks, Inc.) -- C:\WINDOWS\System32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/03/22 17:37:20 | 00,113,896 | ---- | M] (QFX Software Corporation) -- C:\WINDOWS\System32\drivers\keyscrambler.sys -- (KeyScrambler [On_Demand | Running])
DRV - [2008/03/14 02:04:29 | 00,046,652 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2008/02/15 14:12:06 | 05,854,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Stopped])
DRV - [2007/12/26 18:34:17 | 00,141,582 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvcap.sys -- (nvcap [Auto | Running])
DRV - [2007/12/26 18:34:17 | 00,016,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVxbar.sys -- (NVXBAR [Auto | Running])
DRV - [2007/12/12 15:04:56 | 00,034,963 | ---- | M] (Compuware Corporation) -- C:\WINDOWS\System32\drivers\hid7906.sys -- (hid7906 [On_Demand | Stopped])
DRV - [2007/12/03 09:46:12 | 00,037,024 | ---- | M] (Compuware Corporation) -- C:\WINDOWS\System32\drivers\hid8101.sys -- (hid8101 [On_Demand | Stopped])
DRV - [2007/11/28 11:52:46 | 00,034,587 | ---- | M] (Compuware Corporation) -- C:\WINDOWS\System32\drivers\hid8103.sys -- (hid8103 [On_Demand | Stopped])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/09/04 19:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev [On_Demand | Running])
DRV - [2007/08/21 04:12:59 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2007/08/14 08:12:44 | 00,005,760 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\14F.tmp -- (MEMSWEEP2 [On_Demand | Stopped])
DRV - [2007/06/12 11:27:00 | 00,011,776 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\DRIVERS\pdiddcci.sys -- (pdiddcci [On_Demand | Stopped])
DRV - [2007/04/21 10:15:42 | 00,009,344 | ---- | M] (Hajo Krabbenhöft) -- C:\WINDOWS\System32\DRIVERS\tenCapture.sys -- (tenCapture [On_Demand | Stopped])
DRV - [2007/03/15 02:12:04 | 00,038,656 | R--- | M] (Attansic Technology corporation.) -- C:\WINDOWS\System32\DRIVERS\atl01_xp.sys -- (AtcL001 [On_Demand | Running])
DRV - [2007/03/08 00:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2007/03/08 00:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007/03/08 00:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007/02/09 12:17:18 | 00,017,465 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pivot.sys -- (Pivot [System | Running])
DRV - [2007/02/09 12:17:16 | 00,011,323 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pivotmou.sys -- (pivotmou [On_Demand | Stopped])
DRV - [2007/01/15 21:09:00 | 00,293,888 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Stopped])
DRV - [2006/11/16 17:20:48 | 00,015,920 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\Drivers\PdiPorts.sys -- (PdiPorts [On_Demand | Running])
DRV - [2006/08/06 18:57:00 | 00,093,952 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Stopped])
DRV - [2006/03/17 05:18:00 | 00,392,960 | R--- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Stopped])
DRV - [2006/02/28 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/10/27 16:21:30 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
DRV - [2004/08/12 22:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2003/09/08 15:24:06 | 00,120,784 | ---- | M] (SP) -- C:\WINDOWS\System32\Drivers\SPCA561.SYS -- (CA561 [On_Demand | Running])
DRV - [2001/08/17 12:19:20 | 00,096,256 | ---- | M] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\drivers\ctlsb16.sys -- (ctlsb16 [On_Demand | Stopped])
DRV - [1999/09/10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32 [System | Running])
DRV - [1999/09/10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\DRIVERS\ASPI32.sys -- (ASPI [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\S-1-5-21-1708537768-1682526488-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\S-1-5-21-1708537768-1682526488-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\S-1-5-21-1708537768-1682526488-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=192.168.1.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.5
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:2.0.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.48
FF - prefs.js..keyword.URL: "http://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p="
FF - prefs.js..network.proxy.autoconfig_retry_interval_max: 1
FF - prefs.js..network.proxy.failover_timeout: 0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 12:37:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\program files\real\realplayer\browserrecord\firefox\ext [2009/09/24 15:29:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/11 23:41:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/11 23:41:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/24 15:29:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/08/07 11:24:15 | 00,000,000 | ---D | M]

[2008/06/17 22:10:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Extensions
[2008/06/17 22:10:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/11 21:18:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions
[2009/06/29 15:41:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2008/10/04 19:06:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2009/05/26 21:04:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/10/16 23:13:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/06/03 22:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/06/17 16:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2008/12/17 21:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2008/08/27 21:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2008/08/22 19:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}
[2009/04/16 15:17:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/03 20:04:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/07/02 01:11:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/02/18 21:42:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/05/26 23:42:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2008/07/06 19:06:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\iaplayer@instantaction.com
[2009/07/02 01:11:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\piclens@cooliris.com
[2009/07/02 01:11:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\piclens@cooliris.com-trash
[2009/06/30 13:15:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\searchrecs@veoh.com
[2009/02/13 20:57:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\i69sttm0.default\extensions\splash@aldreneo.com
[2009/10/20 20:03:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions
[2009/10/19 20:30:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/07/21 11:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}
[2009/08/13 23:42:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/07/27 06:00:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/07/21 11:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/08/12 19:27:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/12 11:34:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/09/19 14:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/09/19 14:43:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\DTToolbar@toolbarnet.com
[2009/10/11 20:23:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\iaplayer@instantaction.com
[2009/07/26 19:38:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\keyscrambler@qfx.software.corporation
[2009/07/20 00:13:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\piclens@cooliris.com
[2009/10/03 20:16:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\redshift_V2@shift-themes.com
[2009/07/27 06:00:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2009/07/27 06:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2009/07/27 06:00:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2009/07/27 06:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\mozilla\Firefox\Profiles\pzcygn8z.Marc\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2008/04/03 22:34:16 | 00,001,406 | ---- | M] () -- C:\Documents and Settings\Marc\Application Data\Mozilla\FireFox\Profiles\i69sttm0.default\searchplugins\siteadvisor.gif
[2008/04/03 22:34:16 | 00,000,276 | ---- | M] () -- C:\Documents and Settings\Marc\Application Data\Mozilla\FireFox\Profiles\i69sttm0.default\searchplugins\siteadvisor.src
[2008/03/20 19:34:55 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Marc\Application Data\Mozilla\FireFox\Profiles\i69sttm0.default\searchplugins\siteadvisor.xml
[2009/10/20 20:03:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/03 13:01:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/12 23:11:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/12 23:11:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/23 02:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009/08/06 22:44:29 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/20 01:49:50 | 00,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/06/30 23:02:00 | 00,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2009/07/23 11:55:48 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/09/24 15:29:26 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/09/29 17:23:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/09/29 17:23:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/09/29 17:23:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/09/29 17:23:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/09/29 17:23:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/09/29 17:23:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/09/29 17:23:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/09/24 15:30:08 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/09/24 15:29:11 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RivaTuner] C:\Program Files\RivaTuner v2.21\RivaTuner.exe ()
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.21\RivaTuner.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\Marc\Start Menu\Programs\Startup\Client Default.lnk = C:\Program Files\Samurize\Client.exe (Samurize.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add URL Link to Netloader - C:\Program Files\NetLoader\NetLoader\linker.htm ()
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O8 - Extra context menu item: Add All URL Links to &Netloader - C:\Program Files\NetLoader\NetLoader\linkerall.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1708537768-1682526488-839522115-1006\..Trusted Domains: 7 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Risk/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (Reg Error: Value error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1235850173078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.139.145.3 10.0.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/19 16:04:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[8 C:\WINDOWS\*.tmp files]
[2009/10/01 16:46:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/09/24 15:30:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/10/14 21:06:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Atari
[2009/10/14 21:04:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Leadertech
[2009/10/01 16:46:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Local Settings\Application Data\Microsoft Help
[2009/09/24 15:28:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/10/14 20:56:15 | 00,000,000 | ---D | C] -- C:\Program Files\Atari
[2009/09/29 21:39:04 | 00,000,000 | ---D | C] -- C:\Program Files\Cursor Lock
[2009/10/04 16:25:01 | 00,000,000 | ---D | C] -- C:\Program Files\Diablo
[2009/09/21 19:45:39 | 00,000,000 | ---D | C] -- C:\Program Files\Disney Interactive
[2009/10/17 21:26:36 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2009/09/22 15:09:54 | 00,000,000 | ---D | C] -- C:\Program Files\IGZones
[2009/09/21 20:19:25 | 00,000,000 | ---D | C] -- C:\Program Files\Infogrames Interactive
[2009/10/03 13:23:24 | 00,000,000 | ---D | C] -- C:\Program Files\Lionhead Studios
[2009/10/08 19:11:09 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/09/21 22:22:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2009/09/22 17:38:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2009/10/04 16:25:20 | 00,000,000 | ---D | C] -- C:\Program Files\Spawn
[2009/09/22 15:18:18 | 00,000,000 | ---D | C] -- C:\Program Files\Voobly
[2009/10/20 16:18:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\My Documents\Prototype
[2009/10/20 15:12:41 | 00,000,000 | ---D | C] -- C:\Games
[2009/10/17 21:31:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\My Documents\LOTR The Return of the King ™ Data
[2009/10/14 21:04:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\My Documents\RCT3
[2009/10/14 08:30:41 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/10/07 09:50:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/07 09:43:55 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/04 16:25:13 | 00,118,784 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2009/09/24 22:04:50 | 00,000,000 | ---D | C] -- C:\Textures
[2009/09/24 15:31:25 | 00,000,000 | ---D | C] -- C:\My Music
[2009/09/24 15:29:27 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/09/24 15:29:03 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/09/24 15:29:03 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/09/24 15:28:00 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/09/22 17:39:38 | 00,021,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\point32.sys
[2009/09/21 19:47:24 | 00,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
[2009/09/21 19:47:24 | 00,038,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LMRTREND.dll
[2009/09/21 19:47:21 | 00,182,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft3.dll
[2009/09/21 19:47:07 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unam4ie.exe
[2009/09/21 19:46:50 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciqtz.drv
[2009/09/21 19:46:49 | 00,194,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcut.dll
[2009/09/21 19:46:45 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf32.dll
[2009/09/21 19:46:45 | 00,002,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf16.dll
[2009/09/21 19:46:35 | 00,303,104 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn041e.exe
[2009/01/24 12:32:40 | 52,056,600 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Marc\Application Data\kis8.0.0.506en.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[15 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/10/21 18:51:23 | 00,076,584 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\Pman2.gif
[2009/10/21 18:41:19 | 01,088,858 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\Pman2.avi
[2009/10/21 18:41:00 | 00,710,342 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\Pman2.flv
[2009/10/21 18:41:00 | 00,001,510 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\Pman2.html
[2009/10/21 18:38:01 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/21 18:37:14 | 00,525,453 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\Pman2.wmv
[2009/10/21 14:56:40 | 00,193,694 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/21 14:56:30 | 00,000,374 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2009/10/21 14:55:25 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/21 14:55:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/19 22:39:47 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009/10/19 22:39:47 | 00,215,104 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/10/19 18:11:51 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/18 15:14:26 | 00,138,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/18 01:18:20 | 01,574,628 | -H-- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\IconCache.db
[2009/10/18 00:39:22 | 00,000,287 | ---- | M] () -- C:\WINDOWS\EReg072.dat
[2009/10/15 19:16:33 | 00,001,724 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\Xpadder.ini
[2009/10/14 22:51:11 | 00,004,079 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\hi_5.gif
[2009/10/14 08:59:42 | 00,108,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/10/14 08:59:42 | 00,095,259 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/10/14 08:44:43 | 00,529,866 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 08:44:43 | 00,460,826 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 08:44:43 | 00,079,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 08:39:55 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/12 21:26:48 | 00,003,324 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\gaw.gif
[2009/10/12 15:55:59 | 00,025,300 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\baman.gif
[2009/10/12 14:55:15 | 08,867,178 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\Baman Piderman - Pwactice Da Counting.avi
[2009/10/11 23:40:25 | 00,002,840 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\cc_20080418_1813.reg
[2009/10/11 23:39:59 | 00,204,364 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\cc_20091011_233954.reg
[2009/10/07 09:43:33 | 00,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/07 09:43:23 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/05 20:57:37 | 00,007,594 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\LAZ0R Camel.png
[2009/10/05 20:10:16 | 00,040,953 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\SPIDER CAMEL.jpg
[2009/10/04 16:28:50 | 00,010,452 | ---- | M] () -- C:\WINDOWS\DiabUnin.dat
[2009/10/04 16:26:22 | 00,118,784 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\DiabUnin.exe
[2009/10/04 16:26:22 | 00,002,829 | ---- | M] () -- C:\WINDOWS\DiabUnin.pif
[2009/10/02 14:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/02 12:25:35 | 01,520,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/01 19:46:17 | 00,063,800 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/25 18:20:28 | 00,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/09/24 15:31:24 | 00,000,025 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/09/24 15:29:27 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/09/24 15:29:03 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/09/24 15:29:03 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/09/24 15:28:01 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009/09/24 15:28:00 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/09/22 23:39:35 | 01,238,759 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\Spiderman theme song 1960s.mp3
[2009/09/22 23:39:12 | 01,364,146 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\BATMAN ORIGINAL 60's TV THEME SONG.mp3
[2009/09/22 17:49:05 | 00,048,458 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\cc_20090922_174859.reg
[2009/09/21 19:55:14 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/21 19:47:33 | 00,000,300 | ---- | M] () -- C:\WINDOWS\EReg515.dat
[2009/09/21 19:47:14 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/09/21 19:47:14 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/09/21 19:46:44 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf32.dll
[2009/09/21 19:46:44 | 00,002,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\w95inf16.dll
[2009/09/21 19:46:40 | 00,001,291 | ---- | M] () -- C:\WINDOWS\disney.ini

========== Files - No Company Name ==========
[2009/10/21 18:43:45 | 00,076,584 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\Pman2.gif
[2009/10/21 18:41:17 | 01,088,858 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\Pman2.avi
[2009/10/21 18:41:01 | 00,010,076 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\Skin.swf
[2009/10/21 18:41:00 | 00,009,038 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\FLVPlayer.swf
[2009/10/21 18:41:00 | 00,001,510 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\Pman2.html
[2009/10/21 18:40:59 | 00,710,342 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\Pman2.flv
[2009/10/21 18:37:11 | 00,525,453 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\Pman2.wmv
[2009/10/18 00:39:22 | 00,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2009/10/14 08:30:51 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/10/12 21:24:58 | 00,003,324 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\gaw.gif
[2009/10/12 15:47:46 | 00,025,300 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\baman.gif
[2009/10/12 14:54:15 | 08,867,178 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\Baman Piderman - Pwactice Da Counting.avi
[2009/10/11 23:39:56 | 00,204,364 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\cc_20091011_233954.reg
[2009/10/11 15:02:22 | 00,004,079 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\hi_5.gif
[2009/10/08 17:58:35 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\hidcon.exe
[2009/10/05 20:38:16 | 00,007,594 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\LAZ0R Camel.png
[2009/10/05 20:10:14 | 00,040,953 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\SPIDER CAMEL.jpg
[2009/10/04 16:25:13 | 00,002,829 | ---- | C] () -- C:\WINDOWS\DiabUnin.pif
[2009/10/04 16:25:00 | 00,010,452 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2009/10/01 14:56:11 | 01,574,628 | -H-- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\IconCache.db
[2009/09/25 18:20:28 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/09/24 15:31:24 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/22 23:39:33 | 01,238,759 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\Spiderman theme song 1960s.mp3
[2009/09/22 23:39:10 | 01,364,146 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\BATMAN ORIGINAL 60's TV THEME SONG.mp3
[2009/09/22 17:49:03 | 00,048,458 | ---- | C] () -- C:\Documents and Settings\Marc\My Documents\cc_20090922_174859.reg
[2009/09/21 19:47:33 | 00,000,300 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2009/09/21 19:46:50 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/09/21 19:46:50 | 00,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
[2009/09/21 19:45:23 | 00,001,291 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009/07/22 22:17:39 | 00,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009/07/08 14:50:59 | 00,000,052 | ---- | C] () -- C:\WINDOWS\castle16.ini
[2009/07/04 14:15:56 | 00,000,268 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\hdl_dump.conf
[2009/07/02 23:14:21 | 00,000,158 | ---- | C] () -- C:\WINDOWS\w32demo8.ini
[2009/07/02 23:12:03 | 00,000,263 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini
[2009/06/29 13:54:25 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/29 13:54:22 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/27 19:27:31 | 00,000,100 | ---- | C] () -- C:\WINDOWS\bsacmd.INI
[2009/06/24 21:02:19 | 00,000,587 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\AutoGK.ini
[2009/06/08 16:19:29 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/05/11 15:50:21 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\TheHunterSettings.cfg
[2009/05/10 11:04:24 | 00,000,025 | ---- | C] () -- C:\Program Files\popcinfot.dat
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/22 00:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/04/02 22:30:40 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/03/06 16:29:03 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/03/06 16:27:48 | 00,839,680 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/03/06 16:27:48 | 00,159,744 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2009/03/04 20:51:35 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/02/22 17:22:23 | 03,236,703 | ---- | C] () -- C:\Program Files\Drum Machine.zip
[2009/02/21 11:47:50 | 00,000,119 | ---- | C] () -- C:\WINDOWS\Apache3.INI
[2009/02/12 19:05:40 | 00,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/02/07 22:48:18 | 00,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2009/02/07 22:48:08 | 00,000,166 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2009/01/29 19:55:56 | 00,975,720 | ---- | C] () -- C:\Program Files\bleepTalker.zip
[2009/01/25 17:10:48 | 00,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/20 22:03:09 | 00,014,385 | ---- | C] () -- C:\WINDOWS\TW561A.INI
[2009/01/08 19:01:22 | 00,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/26 10:45:52 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/12/26 10:45:51 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/12/24 12:28:43 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\NVStrap.sys
[2008/12/13 15:40:41 | 00,000,847 | ---- | C] () -- C:\Program Files\setup.bat
[2008/11/30 16:38:38 | 00,000,794 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/11/26 19:48:47 | 00,000,172 | ---- | C] () -- C:\WINDOWS\NetLoader.ini
[2008/10/26 18:20:03 | 00,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2008/10/18 10:21:00 | 00,000,066 | ---- | C] () -- C:\WINDOWS\custvoic.ini
[2008/10/08 21:54:40 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\fusioncache.dat
[2008/10/08 15:10:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/15 19:00:54 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2008/08/14 18:57:34 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/07/19 11:46:47 | 00,008,917 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/07/02 12:35:23 | 00,000,211 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/07/01 11:37:35 | 00,000,049 | ---- | C] () -- C:\Program Files\Warnings.txt
[2008/07/01 11:37:29 | 00,000,111 | ---- | C] () -- C:\Program Files\ProgramFlow.txt
[2008/07/01 03:57:14 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Marc\Application Data\PnkBstrK.sys
[2008/06/30 23:47:28 | 00,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/06/26 23:42:28 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/06/26 19:37:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2008/06/05 08:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/31 19:06:50 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/05/29 20:54:26 | 01,012,736 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/05/29 20:54:26 | 00,012,800 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/05/27 21:09:10 | 00,000,044 | ---- | C] () -- C:\WINDOWS\VgsPlayer.INI
[2008/05/03 18:27:03 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/05/03 18:26:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/05/03 18:26:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/04/08 19:24:48 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/04/08 17:44:47 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/26 19:54:36 | 01,550,676 | ---- | C] () -- C:\Program Files\thedeero0000.ess
[2008/03/26 19:54:36 | 00,984,928 | ---- | C] () -- C:\Program Files\runescap0000.ess
[2008/03/26 19:54:35 | 01,719,948 | ---- | C] () -- C:\Program Files\mark0000.ess
[2008/03/26 19:54:35 | 01,105,120 | ---- | C] () -- C:\Program Files\autosave.ess
[2008/03/26 19:54:35 | 01,090,723 | ---- | C] () -- C:\Program Files\Anewbegi0000.ess
[2008/03/26 19:54:35 | 01,084,803 | ---- | C] () -- C:\Program Files\Marc0000.ess
[2008/03/26 19:54:35 | 00,992,572 | ---- | C] () -- C:\Program Files\pooop0000.ess
[2008/03/23 23:06:53 | 00,000,033 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/03/23 00:25:40 | 00,046,080 | ---- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/22 22:05:37 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2008/03/21 23:08:35 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/21 22:07:31 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/21 18:20:29 | 00,063,800 | ---- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/03/20 22:28:31 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/03/20 17:43:52 | 00,024,539 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/03/20 17:24:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Marc\Application Data\desktop.ini
[2008/03/20 17:18:55 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2008/03/19 16:29:12 | 00,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2008/03/19 16:14:31 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/03/19 16:14:20 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/03/19 10:55:19 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/12/26 18:35:10 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/12 12:01:30 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/07/14 15:35:46 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2006/02/28 08:00:00 | 00,032,770 | ---- | C] () -- C:\WINDOWS\System32\wus3dis.dll
[2006/02/28 08:00:00 | 00,000,801 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 08:00:00 | 00,000,243 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 18:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2000/01/06 20:00:00 | 00,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E60C72DB
@Alternate Data Stream - 507 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEFF768F
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA34E08F
< End of report >

EXTRAS.txt

OTL Extras logfile created on: 10/21/2009 7:17:38 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Marc\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.11 Mb Total Physical Memory | 432.11 Mb Available Physical Memory | 42.24% Memory free
2.40 Gb Paging File | 1.76 Gb Available in Paging File | 73.44% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 12.32 Gb Free Space | 5.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GEORGE
Current User Name: Marc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = UltraEdit.html] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.ini [@ = UltraEdit.ini] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_USERS\S-1-5-21-1708537768-1682526488-839522115-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [compress] -- C:\Program Files\KGB Archiver\kgb_arch_compress.exe "%1\" File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"59027:TCP" = 59027:TCP:*:Enabled:Pando Media Booster
"59027:UDP" = 59027:UDP:*:Enabled:Pando Media Booster
"56432:TCP" = 56432:TCP:*:Enabled:Pando Media Booster
"56432:UDP" = 56432:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"27900:UDP" = 27900:UDP:*:Enabled:GameSpy
"587:TCP" = 587:TCP:*:Enabled:Hotmail
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6112:TCP" = 6112:TCP:*:Disabled:Diablo 2 downloader
"28960:TCP" = 28960:TCP:*:Enabled:CoD4 Zombie
"28961:TCP" = 28961:TCP:*:Enabled:CoD4 Zombies
"27015:TCP" = 27015:TCP:*:Disabled:aa
"3390:UDP" = 3390:UDP:*:Enabled:RA
"3389:UDP" = 3389:UDP:*:Enabled:RA#2
"27015:UDP" = 27015:UDP:*:Enabled:HL2
"27020:UDP" = 27020:UDP:*:Enabled:HL2
"30000:TCP" = 30000:TCP:*:Enabled:XLink Kai
"59027:TCP" = 59027:TCP:*:Enabled:Pando Media Booster
"59027:UDP" = 59027:UDP:*:Enabled:Pando Media Booster
"56432:TCP" = 56432:TCP:*:Enabled:Pando Media Booster
"56432:UDP" = 56432:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Fraps\fraps.exe" = C:\Fraps\fraps.exe:*:Disabled:Fraps -- (Beepa P/L)
"C:\Program Files\Activision\Tony Hawk's Underground 2\Game\Chad-THUG2.exe" = C:\Program Files\Activision\Tony Hawk's Underground 2\Game\Chad-THUG2.exe:*:Disabled:Chad-THUG2 -- ()
"C:\Program Files\Bullfrog\Dungeon Keeper 2\DKII.icd" = C:\Program Files\Bullfrog\Dungeon Keeper 2\DKII.icd:*:Disabled:DKII -- ()
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Lizard Interactive Co\croNous\Cronous.exe" = C:\Program Files\Lizard Interactive Co\croNous\Cronous.exe:*:Enabled:croNous -- ()
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\OGPlanet\CABAL Online\cabal.exe" = C:\Program Files\OGPlanet\CABAL Online\cabal.exe:*:Enabled:CABAL -- (ESTsoft)
"C:\Program Files\MTA San Andreas\Multi Theft Auto.exe" = C:\Program Files\MTA San Andreas\Multi Theft Auto.exe:*:Enabled:Play MTA San Andreas -- ()
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Documents and Settings\Marc\My Documents\jdownloader\JDownloader.exe" = C:\Documents and Settings\Marc\My Documents\jdownloader\JDownloader.exe:*:Enabled:JDownloader -- (AppWork UG (haftungsbeschränkt))
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi -- (LogMeIn Inc.)
"C:\Program Files\Runes of Magic\Runes of Magic.exe" = C:\Program Files\Runes of Magic\Runes of Magic.exe:*:Enabled:Runes of Magic -- ()
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:UDP -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\qwerty_uio\garrysmod\hl2.exe" = C:\Program Files\Steam\steamapps\qwerty_uio\garrysmod\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\qwerty_uio\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\qwerty_uio\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\ePSXe\ePSXe.exe" = C:\Program Files\ePSXe\ePSXe.exe:*:Enabled:ePSXe -- ()
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Interactive PTE LTD)
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup -- (Kaspersky Lab)
"C:\PacSteamT\SteamApps\_qwertyuio_\half-life\hl.exe" = C:\PacSteamT\SteamApps\_qwertyuio_\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Sniper Elite\SniperElite.exe" = C:\Program Files\Sniper Elite\SniperElite.exe:*:Enabled:SniperElite -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\ijji\ENGLISH\u_gunz.exe" = C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader> -- (NHN USA inc.)
"C:\ijji\ENGLISH\Gunz\Gunz.exe" = C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz -- (MAIET entertainment)
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit -- (Autodesk, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C35EAE4-A535-46B7-B4BF-68952BD94E68}" = Uniblue DiskRescue 2009
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}" = Python 2.6
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DCC7418-2089-4BDD-B321-3771956160FC}" = ijji Auto Installer
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Ethernet Utility
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{33BBE45C-6296-488A-B7D5-37E692E71B3F}" = TortoiseSVN 1.6.5.16974 (32 bit)
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C04175C-B66B-416E-AF20-A71DBA1459A1}" = Wheel of Fortune 2003
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4870CFB4-9FD8-4A2E-8862-42A19451A05C}" = USB(CIF) Camera
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{48C6E149-9293-45FA-A686-B51D1C2EA4C1}" = ProjectPowder
"{49923711-81F5-45AB-B803-1341A3811F28}" = USB(CIF) Camera
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5CD2234B-6DD0-4A16-8556-57C0C70E9642}" = UltraEdit 14.20
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66ED8E01-C915-41F5-B33E-C5C31F27B885}" = USB Network Driver
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6DE7A046-E66F-49B8-93C9-21378D9B0F24}" = Cisco Network Magic
"{6E298B0A-558C-4138-0096-740677B382CD}" = LOTR The Return of the King tm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}" = WordPerfect Office X3
"{86F3A89F-94A4-4D15-99DB-B1BDAD96546C}" = MapleStory
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Trial
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9869D4DD-D553-40D3-8859-F8911D406C69}" = Ulead DVD Workshop 2 Trial
"{993A94A9-DCE3-4774-B35D-D8C74FC1E0BE}" = Royale Remixed Theme
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE0D286A-5F37-421D-BAA4-B244A17DC82D}" = ProjectPowder
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DCBC3232-3DBE-4CE5-A240-A4C841ABD4E0}" = Point2 Photo Utility
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E27B1348-46D1-4D22-9EFE-C92F45174A02}" = Microsoft Identity Integration Server 2003 Resource Tool Kit
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F270470B-D4A7-4EE2-B010-390E104443A7}" = croNous
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FB5CB59C-D4F6-4303-A414-83D533EE773B}" = Pure Networks Platform
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.2" = Acoustica Mixcraft 4.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1" = Age of Empires II - The Conquerors - 1.0e Patch FINAL
"Ares" = Ares 2.0.9
"Armadillo Run Demo_is1" = Armadillo Run Demo Version 1.0.1
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Blender" = Blender (remove only)
"BTmod" = Oblivion - BTmod 2.20
"CABAL Online_is1" = CABAL Online
"CCleaner" = CCleaner (remove only)
"CD/DVD-ROM Generator" = CD/DVD-ROM Generator 1.20
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Collab" = Collab
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ControlMK" = ControlMK 0.232
"CurseClient" = Curse Client
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Deckadance" = Deckadance
"Diablo" = Diablo
"Diablo II" = Diablo II
"Drum Machine" = Drum Machine 1.34 BETA
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ESET Online Scanner" = ESET Online Scanner v3
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"ffdshow_is1" = ffdshow [rev 3014] [2009-06-20]
"FL Studio 8" = FL Studio 8
"FlashGet" = FlashGet 1.9.6.1073
"foobar2000" = foobar2000 v0.9.6.9
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Fraps" = Fraps
"Free FLV Converter_is1" = Free FLV Converter V 6.6.4
"Frets on Fire" = Frets On Fire
"Garena" = Garena
"GCFScape_is1" = GCFScape 1.7.2
"GoldWave v5.23" = GoldWave v5.23
"Google Earth Pro 4.2" = Google Earth Pro 4.2
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Gunz" = ijji - Gunz
"Hamachi" = Hamachi 1.0.3.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HHD Hex Editor 4.x" = HHD Software Hex Editor Neo 4.85
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"IObit Security 360_is1" = IObit Security 360 1.0
"IsoBuster_is1" = IsoBuster 2.5
"Keeper" = Dungeon Keeper Gold
"KeyScrambler" = KeyScrambler
"KGB Archiver_is1" = KGB Archiver 1.2.1.24
"KkMenu docklet for Stardock Object Dock_is1" = Uninstall KkMenu docklet for Stardock Object Dock
"L4DSP" = Left 4 Dead Standalone Patch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Need For Speed III" = Need For Speed III
"Neffy" = Neffy 1,2,1,11
"NetLoader" = NetLoader
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.11
"OpenAL" = OpenAL
"Operation Optimization_is1" = Operation Optimization v1.1.1
"OPTPiX iMageStudio 3" = OPTPiX iMageStudio 3.1
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"PacSteamT" = PacSteamT
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"RivaTuner" = RivaTuner v2.21
"RocketDock_is1" = RocketDock 1.3.5
"Serious Samurize" = Serious Samurize
"Shock Aero 3D v0.91" = Shock Aero 3D v0.91
"Steam App 20" = Team Fortress Classic
"Steam App 205" = Source Dedicated Server
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"StepMania" = StepMania (remove only)
"SVN-Monitor" = SVN-Monitor 1.3.3.224
"SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1" = Uniblue PowerSuite
"SystemRequirementsLab" = System Requirements Lab
"Total Video2Dvd 2.70_is1" = Total Video2Dvd 2.70
"Toxic Biohazard" = Toxic Biohazard
"Uniblue DiskRescue 2009" = Uniblue DiskRescue 2009
"Update Manager" = Update Manager (remove only)
"Uplink" = Uplink
"uTorrent" = µTorrent
"Video Capture Master_is1" = Video Capture Master 7.0.0.3636
"VobSub" = VobSub v2.23 (Remove Only)
"Voobly_is1" = Voobly
"VTFEdit_is1" = VTFEdit 1.2.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Who Wants To Be A Millionaire" = Who Wants To Be A Millionaire
"WIC" = Windows Imaging Component
"WinCustomize Browser" = WinCustomize Browser
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WORD" = Microsoft Office Word 2007
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1708537768-1682526488-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = AI RoboForm
"BitTorrent DNA" = DNA
"Diablo" = Diablo
"ijji.com" = ijji
"WinImage" = WinImage

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2009 10:30:25 AM | Computer Name = GEORGE | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 9/19/2009 2:29:59 PM | Computer Name = GEORGE | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 9/19/2009 2:53:55 PM | Computer Name = GEORGE | Source = Application Error | ID = 1000
Description = Faulting application pure.exe, version 1.0.0.1, faulting module msvcr80.dll,
version 8.0.50727.3053, fault address 0x00015078.

Error - 9/19/2009 3:18:31 PM | Computer Name = GEORGE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x50058924.

Error - 9/19/2009 3:43:28 PM | Computer Name = GEORGE | Source = Application Error | ID = 1000
Description = Faulting application pure.exe, version 1.0.0.1, faulting module msvcr80.dll,
version 8.0.50727.3053, fault address 0x00015078.

Error - 9/19/2009 4:51:15 PM | Computer Name = GEORGE | Source = Application Error | ID = 1000
Description = Faulting application pure.exe, version 1.0.0.1, faulting module msvcr80.dll,
version 8.0.50727.3053, fault address 0x00015078.

Error - 9/19/2009 5:09:44 PM | Computer Name = GEORGE | Source = Application Error | ID = 1000
Description = Faulting application pure.exe, version 1.0.0.1, faulting module msvcr80.dll,
version 8.0.50727.3053, fault address 0x00015078.

Error - 9/19/2009 5:23:10 PM | Computer Name = GEORGE | Source = Application Error | ID = 1000
Description = Faulting application pure.exe, version 1.0.0.1, faulting module msvcr80.dll,
version 8.0.50727.3053, fault address 0x00015078.

Error - 9/19/2009 5:40:17 PM | Computer Name = GEORGE | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 9/19/2009 6:16:38 PM | Computer Name = GEORGE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x50058924.

[ System Events ]
Error - 10/19/2009 6:13:55 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/19/2009 6:13:55 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SAVOnAccess Control SAVOnAccess Filter

Error - 10/20/2009 3:00:33 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/20/2009 3:00:33 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SAVOnAccess Control SAVOnAccess Filter

Error - 10/20/2009 8:18:21 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/20/2009 8:18:21 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SAVOnAccess Control SAVOnAccess Filter

Error - 10/21/2009 8:43:33 AM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/21/2009 8:43:33 AM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SAVOnAccess Control SAVOnAccess Filter

Error - 10/21/2009 2:57:37 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/21/2009 2:57:37 PM | Computer Name = GEORGE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd SAVOnAccess Control SAVOnAccess Filter


< End of report >
Intel Core 2 Duo 2.20GHz
DDR2 1024MB RAM
ASUSTek P5L-MX
232GB HDD (not sure of make)
BFG GeForce 8500GT 1GB (over-clocked)
D-Link wireless Router (Wired)
Windows XP SP3
Firefox , Thunderbird
ESET NOD32
Super Anti-Spyware FREE, IObit 360 Security beta

#4 myrti


Posted 22 October 2009 - 06:27 AM

Hi,

please run Malwarebytes and Rootrepeal:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Please run also Rootrepeal:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double-click the RootRepeal icon on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.


Finally please run the following batch:
Open Notepad and copy/paste the code box below into a new text file.
@echo off
sc queryex TermService >log.txt
sc queryex FastUserSwitchingCompatibility>>log.txt
log.txt
  • Save the file as query.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "query.bat" and double-click on it to run. (It is important that you run the script from the drive where your operating system is installed).
  • It will open a text file, please copy the content in your next reply along with the logs from Malwarebytes and Rootrepeal.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 Qwerty_Uieo


Posted 22 October 2009 - 09:53 PM

MBAM
Malwarebytes' Anti-Malware 1.41
Database version: 3012
Windows 5.1.2600 Service Pack 3

10/22/2009 3:21:50 PM
mbam-log-2009-10-22 (15-21-50).txt

Scan type: Quick Scan
Objects scanned: 110440
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ROOT REPEAL
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/22 22:18
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: PCI_PNP9036
Image Path: \Driver\PCI_PNP9036
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB0F0E000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spnx.sys
Image Path: spnx.sys
Address: 0xF744D000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\temp\cch27F9.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\temp\cch27FA.tmp
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\all users\application data\pure networks\log\logfile.nmsrvc_exe.txt
Status: Size mismatch (API: 18406, Raw: 17930)

Path: C:\Documents and Settings\All Users\Application Data\Pure Networks\Platform\networklib.xml
Status: Could not get file information (Error 0xc0000008)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\g_objdt.dat
Status: Size mismatch (API: 29117152, Raw: 29117141)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\g_objid.dat
Status: Size mismatch (API: 26020088, Raw: 26020059)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\bases\cache\av39a3.tmp
Status: Allocation size mismatch (API: 18096128, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\01\0000041c_events.dat
Status: Size mismatch (API: 438002, Raw: 437792)

Path: c:\documents and settings\marc\application data\mozilla\firefox\profiles\pzcygn8z.marc\places.sqlite
Status: Size mismatch (API: 9637888, Raw: 9633792)

Path: C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\pzcygn8z.Marc\videostats.sol
Status: Locked to the Windows API!

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bb36e

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bba86

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bc60c

#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bcb40

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bbd78

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29ba460

#: 043 Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bca18

#: 044 Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29b9d0a

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bc8d4

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bb102

#: 051 Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bcc72

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29be40e

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bb886

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bc976

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29baa20

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bacf8

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bc21c

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29be980

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bae3a

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29baee4

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bc016

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bdea6

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29ba43c

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29ba44e

#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bb030

#: 114 Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bcbe2

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bbb08

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29ba604

#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bcab0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bb56e

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29be438

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bcd14

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bb492

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29baf8e

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29babb6

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29ba8bc

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29be128

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bab34

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29ba0c2

#: 194 Function Name: NtReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bd09e

#: 195 Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bcf64

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bdc30

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29ba224

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29be860

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29b9ec4

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bc312

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bb984

#: 230 Function Name: NtSetInformationToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bd5f2

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bdfa0

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29be4c2

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29ba744

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29be5a6

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29be6d2

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bddd2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bb6ea

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bb63c

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29bb7c8

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x873641f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x86038500 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_CREATE]
Process: System Address: 0x86e5d500 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_CLOSE]
Process: System Address: 0x86e5d500 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e5d500 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86e5d500 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_POWER]
Process: System Address: 0x86e5d500 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86e5d500 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_PNP]
Process: System Address: 0x86e5d500 Size: 121

Object: Hidden Code [Driver: Program Fil, IRP_MJ_CREATE]
Process: System Address: 0x86e73500 Size: 121

Object: Hidden Code [Driver: Program Fil, IRP_MJ_CLOSE]
Process: System Address: 0x86e73500 Size: 121

Object: Hidden Code [Driver: Program Fil, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e73500 Size: 121

Object: Hidden Code [Driver: Program Fil, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86e73500 Size: 121

Object: Hidden Code [Driver: Program Fil, IRP_MJ_POWER]
Process: System Address: 0x86e73500 Size: 121

Object: Hidden Code [Driver: Program Fil, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86e73500 Size: 121

Object: Hidden Code [Driver: Program Fil, IRP_MJ_PNP]
Process: System Address: 0x86e73500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86edf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86edf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86edf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86edf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86edf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86edf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86edf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86edf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86edf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86edf500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86edf500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x86f31500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x86f31500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x86f31500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x86f31500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f31500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f31500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x86f31500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f31500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x86f31500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x86ee2500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x86ee2500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ee2500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ee2500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x86ee2500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86ee2500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x86ee2500 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x873d91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x873d91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x873d91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873d91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873d91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873d91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873d91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x873d91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x873d91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873d91f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x873d91f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x86e83500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x86e83500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e83500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86e83500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x86e83500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x86e83500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x86e70500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x86e70500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e70500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86e70500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x86e70500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86e70500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x86e70500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x86f1b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_CREATE]
Process: System Address: 0x86f2e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_CLOSE]
Process: System Address: 0x86f2e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_READ]
Process: System Address: 0x86f2e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f2e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f2e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f2e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f2e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f2e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f2e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f2e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f2e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_CLEANUP]
Process: System Address: 0x86f2e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅ敋ꁹȁఇ䵃慖, IRP_MJ_PNP]
Process: System Address: 0x86f2e500 Size: 121

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cb32a

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cb3ee

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cb454

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cb38a

#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29caec4

#: 323 Function Name: NtUserCallOneParam
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cb242

#: 378 Function Name: NtUserFindWindowEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cb0b2

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cae2c

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cb17a

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cae78

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cb004

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29caf5a

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cafae

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cb10a

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cb064

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cad7c

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf29cadd2

==EOF==

Query

SERVICE_NAME: TermService
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :

SERVICE_NAME: FastUserSwitchingCompatibility
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :

Intel Core 2 Duo 2.20GHz
DDR2 1024MB RAM
ASUSTek P5L-MX
232GB HDD (not sure of make)
BFG GeForce 8500GT 1GB (over-clocked)
D-Link wireless Router (Wired)
Windows XP SP3
Firefox , Thunderbird
ESET NOD32
Super Anti-Spyware FREE, IObit 360 Security beta

#6 myrti

Posted 26 October 2009 - 09:01 AM

Hi,

Open Notepad and copy/paste the code box below into a new text file.
    @echo off
    sc start TermService >log.txt
    sc start FastUserSwitchingCompatibility>>log.txt
    log.txt
  • Save the file as regquery.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "regquery.bat" and double-click on it to run. (It is important that you run the script from the drive where your operating system is installed).
  • It will open a text file, please copy the content in your next reply.
Please also check your Taskmanager and tell me if anything has changed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 Qwerty_Uieo

Posted 27 October 2009 - 07:39 PM

Task Manager remains the same

LOG.txt

[SC] StartService FAILED 1058:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


[SC] StartService FAILED 1058:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

#8 myrti

Posted 28 October 2009 - 06:57 AM

Hi,

The problem with your Task Manager is coming from two Windows services which aren't running but should be.

I would like to take a closer look at their settings:
Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  • Hit the Look button. Let it finish the scan
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply.
regards _temp_

Edited by _temp_, 28 October 2009 - 06:57 AM.



#9 Qwerty_Uieo

Posted 28 October 2009 - 04:30 PM

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 17:30 on 28/10/2009 by Marc (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]
"DependOnService"="RPCSS"
"Description"="Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server."
"DisplayName"="Terminal Services"
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%SystemRoot%\System32\svchost -k DComLaunch"
"ObjectName"="LocalSystem"
"Start"= 0x0000000004 (4)
"Type"= 0x0000000020 (32)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Enum]
"0"="Root\LEGACY_TERMSERVICE\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters]
"Certificate"=01 00 00 00 01 00 00 00 01 00 00 00 06 00 5c 00 52 53 41 31 48 00 00 00 00 02 00 00 3f 00 00 00 01 00 01 00 61 89 56 ef 3d fd 77 b6 80 8a c2 41 69 f2 88 02 5e 4c 5b 0b c0 6c 0f 08 3f 3a 9c bb 28 97 9d 3b af 58 35 d9 90 55 3a 98 b7 24 9c 7e 94 f4 c6 e3 b4 4b 6b 40 71 72 99 28 25 5f 6e be 4d 69 b0 f7 00 00 00 00 00 00 00 00 08 00 48 00 9b e9 e3 62 5a d9 64 11 8b 64 9e 90 c6 3a 13 c0 fa da e5 3e 18 13 0c a6 48 58 7a 12 2c 26 00 8e 2f 4a 14 b8 24 c8 9d 6f 93 ff 73 0d 41 6e 60 3a 27 27 d1 d5 ca 2d 0c 20 45 f2 fd aa 2a 42 de 15 00 00 00 00 00 00 00 00 (REG_BINARY)
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Performance]
"Close"="CloseTSObject"
"Collect Timeout"= 0x00000003e8 (1000)
"Collect"="CollectTSObjectData"
"First Counter"= 0x0000000806 (2054)
"First Help"= 0x0000000807 (2055)
"Last Counter"= 0x0000000886 (2182)
"Last Help"= 0x0000000887 (2183)
"Library Validation Code"=00 a0 13 80 5e 3c c6 01 00 30 00 00 00 00 00 00 (REG_BINARY)
"Library"="perfts.dll"
"Object List"="2054 2176"
"Open Timeout"= 0x00000003e8 (1000)
"Open"="OpenTSObject"
"WbemAdapFileSignature"=7e fd 21 14 ea d1 ac 72 34 26 10 d7 19 2b fb 32 (REG_BINARY)
"WbemAdapFileSize"= 0x0000003000 (12288)
"WbemAdapFileTime"=00 a0 13 80 5e 3c c6 01 (REG_BINARY)
"WbemAdapStatus"= 0000000000 (0)


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility]
"DependOnGroup"=" "
"DependOnService"="TermService"
"Description"="Provides management for applications that require assistance in a multiple user environment."
"DisplayName"="Fast User Switching Compatibility"
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"= 0x0000000004 (4)
"Type"= 0x0000000020 (32)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\Enum]
"0"="Root\LEGACY_FASTUSERSWITCHINGCOMPATIBILITY\0000"
"Count"= 0x0000000001 (1)
"NextInstance"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\Parameters]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
"ServiceMain"="BadApplicationServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\Security]
"Security"=01 00 14 80 90 00 00 00 9c 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"allocatecdroms"="0"
"allocatedasd"="0"
"allocatefloppies"="0"
"AllowMultipleTSSessions"= 0x0000000001 (1)
"AltDefaultDomainName"="GEORGE"
"AltDefaultUserName"="Marc"
"AutoRestartShell"= 0x0000000001 (1)
"Background"="0 0 0"
"cachedlogonscount"="10"
"ChangePasswordUseKerberos"= 0x0000000001 (1)
"DebugServerCommand"="no"
"DefaultDomainName"="GEORGE"
"DefaultUserName"="Marc"
"forceunlocklogon"= 0000000000 (0)
"HibernationPreviouslyEnabled"= 0x0000000001 (1)
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"LogonType"= 0x0000000001 (1)
"passwordexpirywarning"= 0x000000000e (14)
"PowerdownAfterShutdown"="0"
"ReportBootOk"="1"
"scremoveoption"="0"
"SFCDisable"= 0000000000 (0)
"SfcQuota"= 0x00ffffffff (-1)
"SfcScan"= 0000000000 (0)
"Shell"="Explorer.exe"
"ShowLogonOptions"= 0000000000 (0)
"ShutdownWithoutLogon"="0"
"System"=""
"UIHost"="logonui.exe"
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL "sysdm.cpl""
"WinStationsDisabled"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Credentials]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SCLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]


-=End Of File=-

#10 myrti

Posted 29 October 2009 - 05:18 PM

Hi,

The 2 relevant services have been disabled. Do you recall disabling any services?

I will ask you to enable them now and we will see if this is successful and we can get them to run.

Open Notepad and copy/paste the code box below into a new text file.
    @echo off
    echo Termservice >log.txt
    sc config TermService start= demand >>log.txt
    echo FastUserSwitchingCompatibility>>log.txt
    sc config FastUserSwitchingCompatibility start= demand>>log.txt
    log.txt
  • Save the file as service.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "service.bat" and double-click on it to run. (It is important that you run the script from the drive where your operating system is installed).
  • It will open a text file, please copy the content in your next reply.
Please post back the content of the log in your next reply.

regards _temp_

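The check made by eye on the SystemLook log in post #9 can be scripted. This is an added example, not part of the thread and not SystemLook's own code: it parses the `:reg` output, reads each service's `Start` value, and lists which services `sc start` would refuse with error 1058, either directly or through a disabled dependency. The function names and the whitespace splitting of `DependOnService` are assumptions.

```python
import re

# Excerpt of the SystemLook ":reg" log from post #9, trimmed to the values used here.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]
"DependOnService"="RPCSS"
"ImagePath"="%SystemRoot%\System32\svchost -k DComLaunch"
"Start"= 0x0000000004 (4)
"Type"= 0x0000000020 (32)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility]
"DependOnService"="TermService"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k netsvcs"
"Start"= 0x0000000004 (4)
"Type"= 0x0000000020 (32)
'''

SERVICES_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"
# Registry "Start" values and the matching `sc config start=` keywords.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

KEY_RE = re.compile(r"^\[(.+)\]$")
STR_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# Numeric values appear as `= 0x0000000004 (4)` or `= 0000000000 (0)` in the log.
NUM_RE = re.compile(r'^"([^"]+)"=\s*(?:0x)?[0-9a-fA-F]+ \((-?\d+)\)$')


def parse_reg_log(text):
    """Return {key_path: {value_name: str | int}}; REG_BINARY lines are skipped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif current is not None:
            if m := NUM_RE.match(line):
                current[m.group(1)] = int(m.group(2))
            elif m := STR_RE.match(line):
                current[m.group(1)] = m.group(2)
    return keys


def service_report(keys):
    """Start type per service, plus dependencies that are themselves disabled."""
    services = {}
    for path, values in keys.items():
        name = path[len(SERVICES_ROOT):] if path.startswith(SERVICES_ROOT) else ""
        if not name or "\\" in name or "Start" not in values:
            continue  # not a service root key (e.g. \Parameters, \Enum, Winlogon)
        # Assumption: multiple dependencies would be whitespace separated.
        deps = values.get("DependOnService", "").split()
        services[name] = {"start": START_TYPES.get(values["Start"], "unknown"), "deps": deps}
    for svc in services.values():
        svc["blocked_by"] = [d for d in svc["deps"]
                             if services.get(d, {}).get("start") == "disabled"]
        svc["startable"] = svc["start"] != "disabled" and not svc["blocked_by"]
    return services


def fix_commands(services):
    """Re-enable commands in the form used in post #10, dependencies first."""
    disabled = [n for n, s in services.items() if s["start"] == "disabled"]
    disabled.sort(key=lambda n: len(services[n]["blocked_by"]))
    return [f"sc config {n} start= demand" for n in disabled]


if __name__ == "__main__":
    report = service_report(parse_reg_log(SAMPLE_LOG))
    for name, svc in report.items():
        print(name, svc)
    print("\n".join(fix_commands(report)))
```

Dependencies not present in the parsed log (here `RPCSS`) are not evaluated, so their state must be checked separately.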


#11 Qwerty_Uieo

Posted 30 October 2009 - 04:32 PM

No, I do not, but I did have my computer taken in to be fixed; maybe they fixed more than they should have... or they didn't clean up after working on it :(


Termservice
[SC] ChangeServiceConfig SUCCESS
FastUserSwitchingCompatibility
[SC] ChangeServiceConfig SUCCESS

Edited by Qwerty_Uieo, 30 October 2009 - 04:32 PM.


#12 myrti

Posted 31 October 2009 - 06:51 AM

Hi,

This looks good. Please run the batch from post #6 again and tell me if your Task Manager is back to normal.

regards _temp_



#13 Qwerty_Uieo

Posted 01 November 2009 - 01:48 PM

Okay, it's working again, but the CPU Meter is still malfunctioning :(. The bar is reading too low and I know that for a fact, because if I'm playing a graphically intense game, the CPU should be above 80%; instead it shows it at around 10-20%. I can post pictures if you want me to of how it is not working properly.


[SC] StartService FAILED 1056:

An instance of the service is already running.


[SC] StartService FAILED 1056:

An instance of the service is already running.

#14 myrti

Posted 01 November 2009 - 03:00 PM

Hi,

Could you please check if the CPU% usage is also displayed wrong in the Performance tab of Task Manager?

regards _temp_



#15 Qwerty_Uieo

Posted 01 November 2009 - 07:37 PM

Yes, that was the CPU USAGE % I was talking about :(



