Extremely Slow Computer


  • This topic is locked
10 replies to this topic

#1 FinalFanatic
  • Members
  • 6 posts

Posted 29 May 2010 - 05:14 PM

Ok, so recently my laptop (running Vista Home Premium) has become painfully slow, especially when attempting to run media files such as videos or MP3s. I have gone through the process of disk cleanup, defragmenting, removing unwanted programs, and checked my RAM (which is 3GB, so it should be running perfectly).

I have run scans with AVG Free, Spybot S&D and Malwarebytes, showing no results. I then downloaded another piece of software named 'Exterminate It' and ran a scan using this. It found numerous infections, including a Backdoor Trojan named MSIVXcount, Adware named 'Trymedia' and also 'Alureon'. However, this software requires purchasing and activation in order to remove what it has found. Does anyone know of any free software that I can use to remove these infections? I have used Trojan Remover in the past for problems like this, but my evaluation period has run out on that as well, it seems.

I have run a DDS scan, which completed successfully. I attempted to run a GMER scan, the first time I ran this it picked up a large amount of entries seemingly related to Google Chrome, and then crashed. I ran the executable again and was greeted with BSOD. (EDIT: I have also attempted another run of GMER since this, which resulted in another BSOD during the scan). I have attached the logs from the DDS scan as requested.

Edited by FinalFanatic, 30 May 2010 - 06:19 AM.



#2 schrauber
    Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender: Male
  • Location: Munich, Germany

Posted 31 May 2010 - 02:06 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 FinalFanatic
  • Topic Starter
  • Members
  • 6 posts

Posted 01 June 2010 - 09:57 AM

I have rerun the DDS scan, and attached the logs (I believe I was supposed to zip the Attach.txt file?). I have also run the GMER scan in safe mode which appeared to run successfully, and attached the log. Something that I did not mention in my original post was that I did find the file 'MSIVXcount' that Exterminate It flagged as a backdoor trojan in my Windows folders, if this is of any threat.


#4 schrauber
    Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender: Male
  • Location: Munich, Germany

Posted 03 June 2010 - 11:48 AM

Hello, FinalFanatic
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


#5 FinalFanatic
  • Topic Starter
  • Members
  • 6 posts

Posted 03 June 2010 - 03:30 PM

Hi Schrauber, many thanks for the reply. I have pasted the ComboFix log below.



ComboFix 10-06-03.01 - Henri 03/06/2010 20:38:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1556 [GMT 1:00]
Running from: c:\users\Henri\Desktop\schrauber.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Henri\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat
c:\windows\system32\%appdata%
c:\windows\system32\MSIVXcount

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-03 20:08 . 2010-06-03 20:14 -------- d-----w- c:\users\Henri\AppData\Local\temp
2010-06-03 20:08 . 2010-06-03 20:08 -------- d-----w- c:\users\ICT Work\AppData\Local\temp
2010-06-03 20:08 . 2010-06-03 20:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-01 14:41 . 2010-06-01 14:41 -------- d-----w- c:\program files\Iminent
2010-06-01 14:38 . 2010-06-01 14:42 -------- d--h--w- c:\programdata\{C365EC06-C51C-457E-9FCE-FF6C83A4B8A0}
2010-06-01 10:50 . 2010-06-01 11:37 680 ----a-w- c:\users\Henri\AppData\Local\d3d9caps.dat
2010-06-01 10:39 . 2010-06-01 10:39 93056 ----a-w- C:\uxlyqkow.sys
2010-05-29 18:40 . 2010-05-29 20:32 -------- d-----w- c:\program files\Exterminate It!
2010-05-28 22:31 . 2010-05-28 22:32 -------- d-----w- c:\users\Henri\AppData\Roaming\Simply Super Software
2010-05-28 22:31 . 2010-05-28 22:31 -------- d-----w- c:\programdata\Simply Super Software
2010-05-28 16:53 . 2010-05-28 16:53 -------- d-----w- c:\users\Henri\AppData\Roaming\Malwarebytes
2010-05-28 16:53 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-28 16:53 . 2010-05-28 16:53 -------- d-----w- c:\programdata\Malwarebytes
2010-05-28 16:53 . 2010-05-28 16:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-28 16:53 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-25 17:28 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-12 16:57 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-07 19:52 . 2010-05-07 19:52 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-05-06 15:43 . 2010-05-25 17:11 -------- d-----w- c:\users\Henri\AppData\Roaming\Xfire
2010-05-06 15:43 . 2010-05-25 17:11 -------- d-----w- c:\programdata\Xfire
2010-05-06 15:43 . 2010-05-12 16:50 -------- d-----w- c:\program files\Xfire
2010-05-05 16:31 . 2010-05-05 16:31 -------- d-----w- c:\program files\Common Files\Enterbrain
2010-05-05 16:30 . 2010-05-05 16:30 -------- d-----w- c:\program files\Enterbrain

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 20:12 . 2009-06-18 17:50 -------- d-----w- c:\program files\DNA
2010-06-03 20:12 . 2009-05-16 11:05 -------- d-----w- c:\users\Henri\AppData\Roaming\DNA
2010-06-02 20:08 . 2010-06-02 20:08 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-02 20:08 . 2010-06-02 20:08 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-02 20:07 . 2009-04-11 15:46 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 20:07 . 2009-04-11 15:46 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 18:56 . 2009-11-07 18:10 0 ----a-w- c:\users\Henri\AppData\Local\prvlcl.dat
2010-05-31 21:08 . 2010-05-05 16:31 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2010-05-31 21:08 . 2010-05-05 16:31 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2010-05-31 07:38 . 2010-06-01 14:42 2354272 ----a-w- c:\programdata\{C365EC06-C51C-457E-9FCE-FF6C83A4B8A0}\NotifierSetup.exe
2010-05-31 07:34 . 2010-06-01 14:36 528896 ----a-w- c:\programdata\{C365EC06-C51C-457E-9FCE-FF6C83A4B8A0}\offline\A5E06B3C\21A18D0C\Iminent.Notifier.exe
2010-05-31 07:33 . 2010-06-01 14:36 44280 ----a-w- c:\programdata\{C365EC06-C51C-457E-9FCE-FF6C83A4B8A0}\offline\1B39965F\21A18D0C\Iminent.BHO.NavigationError.dll
2010-05-29 18:51 . 2009-05-22 17:03 -------- d-----w- c:\users\Henri\AppData\Roaming\uTorrent
2010-05-28 22:33 . 2009-06-14 12:52 -------- d-----w- c:\program files\Trojan Remover
2010-05-25 17:11 . 2009-04-20 09:27 -------- d-----w- c:\users\Henri\AppData\Roaming\Dev-Cpp
2010-05-25 17:11 . 2009-10-23 21:07 -------- d-----w- c:\program files\Messenger Plus! Live
2010-05-25 17:11 . 2009-01-14 22:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-25 17:11 . 2010-04-06 20:27 -------- d-----w- c:\program files\Electronic Arts
2010-05-25 17:11 . 2010-03-19 20:55 -------- d-----w- c:\program files\Blender Foundation
2010-05-19 17:50 . 2009-05-22 17:03 -------- d-----w- c:\program files\uTorrent
2010-05-15 18:58 . 2010-03-07 14:13 -------- d-----w- c:\program files\Steam
2010-05-12 21:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 21:40 . 2009-01-14 23:00 -------- d-----w- c:\programdata\Microsoft Help
2010-05-05 17:52 . 2008-11-19 19:11 -------- d-----w- c:\program files\ATI
2010-05-05 16:31 . 2010-05-05 16:31 88 --sh--r- c:\programdata\1AF3BAD780.sys
2010-05-05 16:31 . 2010-05-05 16:31 88 --sh--r- c:\programdata\1AF3BAD780.sys
2010-05-04 17:01 . 2009-11-13 21:22 -------- d-----w- c:\users\Henri\AppData\Roaming\Unity
2010-05-04 17:00 . 2010-05-04 16:59 -------- d-----w- c:\users\Henri\AppData\Roaming\PACE Anti-Piracy
2010-05-04 17:00 . 2010-05-04 16:59 -------- d-----w- c:\programdata\PACE Anti-Piracy
2010-05-04 16:59 . 2010-05-04 16:59 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-05-04 16:54 . 2010-05-04 16:54 -------- d-----w- c:\program files\Unity
2010-05-01 15:19 . 2010-05-01 15:19 -------- d-----w- c:\program files\Microsoft XNA
2010-04-26 17:21 . 2010-04-26 17:19 -------- d-----w- c:\program files\VstPlugins
2010-04-26 17:19 . 2009-07-05 20:03 -------- d-----w- c:\program files\Image-Line
2010-04-22 16:52 . 2010-04-22 16:52 -------- d-----w- c:\program files\Common Files\Java
2010-04-22 16:52 . 2009-04-12 12:42 -------- d-----w- c:\program files\Java
2010-04-19 19:04 . 2010-04-19 19:03 -------- d-----w- c:\users\Henri\AppData\Roaming\Braid
2010-04-19 16:30 . 2009-05-10 18:47 -------- d-----w- c:\program files\Subagames
2010-04-19 16:27 . 2009-06-05 10:16 -------- d-----w- c:\users\Henri\AppData\Roaming\Three Rings Design
2010-04-17 13:35 . 2009-01-14 22:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-12 16:29 . 2010-04-22 16:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-07 12:56 . 2009-05-23 19:00 -------- d-----w- c:\program files\Windows Live
2010-04-07 12:20 . 2010-04-07 12:20 -------- d-----w- c:\users\ICT Work\AppData\Roaming\ATI
2010-04-06 20:43 . 2010-04-06 20:43 10134 ----a-r- c:\users\Henri\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-04-06 20:43 . 2010-04-06 20:43 -------- d-----w- c:\program files\Microsoft WSE
2010-04-06 20:33 . 2010-04-06 20:32 -------- d-----w- c:\program files\Game Maker 8 Pro Edition
2010-03-11 17:40 . 2010-03-11 17:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 17:35 . 2009-04-11 15:46 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-24 17:05 . 2009-07-03 21:57 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
2010-05-31 07:33 44280 ----a-w- c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-11 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-16 323392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-18 6294048]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-01 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-27 1165192]
"Iminent.Notifier"="c:\program files\Iminent\SearchTheWeb\Iminent.Notifier.exe" [2010-05-31 528896]

c:\users\Henri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-8-26 2684256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Henri^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=c:\users\Henri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNK.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-24 17:05 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 15:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-02 14:27 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-08 18:48 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2d,bf,c1,61,72,72,ca,01

R3 AghAsh;AghAsh;c:\mayn games\TwelveSky 2\AghAsh.des [x]
R3 AghHip;AghHip;c:\mayn games\TwelveSky 2\AghHip.des [x]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-11 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-02 242896]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-11 308064]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 08:35]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 08:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1108&m=aspire_6530
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: yoyogames.com\www
FF - ProfilePath - c:\users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\edxlo4gl.default\
FF - prefs.js: browser.search.selectedEngine - SearchTheWeb
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppanda3d.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Henri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Henri\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\edxlo4gl.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: c:\users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\edxlo4gl.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\edxlo4gl.default\extensions\wildpocketsloader@simopsstudios.com\plugins\npWildPocketsLoader.dll
FF - plugin: c:\users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\edxlo4gl.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - (no file)
HKLM-Run-IMBooster - c:\program files\Iminent\IMBooster\IMBooster.exe
MSConfigStartUp-PlayMovie - c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
AddRemove-FastCAD - c:\program files\CC3\ProFantasy\CC3\UNINST.EXE
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll
AddRemove-UnityWebPlayer - c:\users\Henri\AppData\Local\Unity\WebPlayer\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 21:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AghAsh]
"ImagePath"="\??\c:\mayn games\TwelveSky 2\AghAsh.des"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AghHip]
"ImagePath"="\??\c:\mayn games\TwelveSky 2\AghHip.des"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4864)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\Henri\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-06-03 21:27:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-03 20:27

Pre-Run: 48,597,102,592 bytes free
Post-Run: 48,605,126,656 bytes free

- - End Of File - - 31B06EE4D19A4E57BDD56B0B7E813CFB
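The three service entries ComboFix listed above are worth a second look only because of where their ImagePath points, which is exactly the check a helper makes by eye. The script below is an added example, not part of the thread or of ComboFix: it parses entries in the reg-export style ComboFix uses and applies a few path heuristics (non-standard extension, location outside Windows and Program Files, temp or AppData folders, unquoted paths with spaces). The first three sample entries are copied from the log above; the fourth, `ExampleUpdater`, is constructed for the example and was not on this machine. The output is a review list, not a verdict: the two `.des` files live in a game folder and `GameMon.des` is the INCA Internet (nProtect GameGuard) service that the OTL log later in the thread identifies, so a reviewer would clear all three after checking the vendor.

```python
import re

# Constructed sample in the reg-export style ComboFix uses. The first three entries are
# copied from the excerpt above; the fourth is made up for this example and is NOT from
# the thread, so the heuristics have a temp-folder service to flag.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AghAsh]
"ImagePath"="\??\c:\mayn games\TwelveSky 2\AghAsh.des"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AghHip]
"ImagePath"="\??\c:\mayn games\TwelveSky 2\AghHip.des"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ExampleUpdater]
"ImagePath"="\??\c:\users\example\appdata\local\temp\updater.exe"
"""

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\(?:ControlSet\d+|CurrentControlSet)\\Services\\([^\]\\]+)\]$",
    re.I,
)
VAL_RE = re.compile(r'^"ImagePath"="(.*)"$')

TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
NORMAL_EXTENSIONS = {"exe", "sys", "dll"}


def parse_services(text):
    """Map service name -> raw ImagePath from [..\\Services\\Name] / "ImagePath"= pairs."""
    services, name = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            name = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and name:
            services[name] = m.group(1)
    return services


def image_file(image_path):
    """Reduce an ImagePath to the binary it launches: drop the \\??\\ NT prefix, honour quotes,
    otherwise cut at the first token ending in a file extension (so 'GameMon.des -service'
    loses its argument while 'c:\\mayn games\\...\\AghAsh.des' keeps its spaces).
    Returns (lowercase path, was_quoted)."""
    p = image_path.strip()
    quoted = False
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith('"'):
        quoted = True
        p = p[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.*?\.[a-z0-9]{2,4})(?:\s|$)", p, re.I)
        if m:
            p = m.group(1)
    return p.lower(), quoted


def flags_for(image_path):
    """Heuristic review flags for one ImagePath; an empty list means nothing stood out."""
    path, quoted = image_file(image_path)
    flags = []
    ext = path.rsplit(".", 1)[-1] if "." in path else ""
    if ext not in NORMAL_EXTENSIONS:
        flags.append("unusual extension")
    if not path.startswith(TRUSTED_ROOTS):
        flags.append("outside Windows and Program Files")
    if "\\temp\\" in path or "\\appdata\\" in path:
        flags.append("user-writable or temp location")
    if " " in path and not quoted:
        # Unquoted paths with spaces are the classic service-path weakness as well as a hint
        # that the installer was sloppy; either way they deserve a look.
        flags.append("unquoted path containing spaces")
    return flags


def triage(text):
    """Return {service: [flags]} for every service with at least one flag."""
    result = {}
    for name, image in parse_services(text).items():
        f = flags_for(image)
        if f:
            result[name] = f
    return result


if __name__ == "__main__":
    for name, f in triage(SAMPLE).items():
        print(f"{name}: {', '.join(f)}")
```

Run against the sample, all four services come back flagged; the point of the vendor check that follows is that three of the four are legitimate game components, which is why a path heuristic is a triage step and never a cleanup step.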


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:24 PM

Posted 05 June 2010 - 07:23 AM

Hi,




Download and Run StartupLite


This program will identify startup entries that do not need to be started at bootup. This will help free some memory.
  • Download StartupLite.exe by MalwareBytes to your desktop.
  • Double click on StartUpLite.exe to run it. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • A list of unnecessary startup entries will be compiled.
  • Read the description of each; for most of them you probably won't need it, so please make sure there is a checkmark next to Disable.
  • Leave all the items as Disabled and click Continue.
  • Restart your computer once it's done.





Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.






Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic





  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
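The OTL custom scan requested above does two things that are easy to reproduce and worth understanding: the `/md5start` ... `/md5stop` block hashes every copy of a short list of core system files, and `%systemdrive%\*.sys /90 /md5` lists recently modified drivers with their hashes. The reason is the Alureon/TDL family named in the opening post, which patched a boot-start storage driver such as atapi.sys in place; a patched file no longer matches the other copies Windows keeps (DriverStore, winsxs) or a known-good baseline. The script below is an added example written for this page, not OTL's code and not an exact reproduction of its output format: it walks a tree, hashes every copy of the listed names, reports names whose copies disagree, and lists `.sys` files modified within a given number of days. The `demo()` tree, its file names and their contents are constructed (the "driver" bodies are a few bytes, not real drivers); the DriverStore folder name is assumed.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

# A subset of the names from the /md5start ... /md5stop block in the post above.
MD5_TARGETS = (
    "eventlog.dll", "scecli.dll", "netlogon.dll", "atapi.sys",
    "iastorv.sys", "nvstor.sys", "ahcix86s.sys",
)


def md5_file(path):
    """Stream a file through MD5 and return the hex digest (MD5 because that is what OTL reports)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def md5_manifest(root, names=MD5_TARGETS):
    """Stand-in for /md5start..../md5stop: walk `root` and hash every copy of each listed
    file name, so the copies in system32\\drivers, winsxs and DriverStore can be compared.
    Returns {lowercase name: [(path, md5), ...]}."""
    wanted = {n.lower() for n in names}
    found = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.name.lower() in wanted:
            found.setdefault(p.name.lower(), []).append((str(p), md5_file(p)))
    return found


def inconsistent_copies(manifest):
    """Names whose copies do not all share one hash. An in-place patch of one copy shows up
    here even without a vendor baseline; a mismatch is a lead to verify, not a verdict."""
    return sorted(n for n, copies in manifest.items()
                  if len({h for _, h in copies}) > 1)


def recent_files(root, suffix, max_age_days, now=None):
    """Stand-in for '%systemdrive%\\*.sys /90 /md5': files ending in `suffix` under `root`
    modified within `max_age_days`, each with its MD5, sorted by path."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    hits = []
    for p in Path(root).rglob("*" + suffix):
        if p.is_file() and p.stat().st_mtime >= cutoff:
            hits.append((str(p), md5_file(p)))
    return sorted(hits)


def demo():
    """Constructed sample tree (assumed names, fake contents): a clean driver copy in a
    DriverStore folder, a patched copy in system32\\drivers, and one old untouched driver."""
    root = Path(tempfile.mkdtemp(prefix="otl_demo_"))
    drivers = root / "Windows" / "System32" / "drivers"
    store = root / "Windows" / "System32" / "DriverStore" / "FileRepository" / "mshdc.inf_x86"
    drivers.mkdir(parents=True)
    store.mkdir(parents=True)
    clean = b"MZ" + b"\x00" * 60 + b"clean atapi driver body"      # constructed bytes, not a driver
    (store / "atapi.sys").write_bytes(clean)
    (drivers / "atapi.sys").write_bytes(clean[:-4] + b"HOOK")        # simulated in-place patch
    (drivers / "nvstor.sys").write_bytes(b"MZ nvstor")
    old = time.time() - 400 * 86400                                  # older than the 90-day window
    os.utime(drivers / "nvstor.sys", (old, old))
    manifest = md5_manifest(root)
    return {
        "inconsistent": inconsistent_copies(manifest),
        "copies_of_atapi": len(manifest["atapi.sys"]),
        "recent_sys": [os.path.basename(p) for p, _ in recent_files(root, ".sys", 90)],
    }


if __name__ == "__main__":
    print(demo())
```

Comparing copies against each other only works when an unpatched copy survives somewhere on the disk; for a final answer the hash is checked against the vendor's, which is what the helper does with the list OTL produces.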

#7 FinalFanatic

FinalFanatic
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:24 AM

Posted 06 June 2010 - 04:29 PM

Here's the ESET log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a9ad5f69d0349a4a97004ff337d82c62
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-05 08:24:34
# local_time=2010-06-05 09:24:34 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 18497016 18497016 0 0
# compatibility_mode=5892 16776574 100 100 16238060 113295834 0 0
# compatibility_mode=8192 67108863 100 0 188 188 0 0
# scanned=54806
# found=0
# cleaned=0
# scan_time=6369
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a9ad5f69d0349a4a97004ff337d82c62
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-06 08:21:32
# local_time=2010-06-06 09:21:32 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 18552516 18552516 0 0
# compatibility_mode=5892 16776574 100 100 16293560 113351334 0 0
# compatibility_mode=8192 67108863 100 0 55688 55688 0 0
# scanned=239563
# found=1
# cleaned=1
# scan_time=37086
C:\Program Files\Game_Maker7\Game Maker 7.0 PRO Crack.exe    probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C


OTL.txt:

OTL logfile created on: 06/06/2010 21:38:56 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Henri\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 51.50 Gb Free Space | 35.75% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 140.37 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEEP_THOUGHT
Current User Name: Henri
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/06 21:38:28 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Henri\Downloads\OTL.exe
PRC - [2010/06/05 19:32:04 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Henri\AppData\Local\temp\RtkBtMnt.exe
PRC - [2010/06/02 21:07:12 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 21:07:12 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 21:07:04 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 21:07:00 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/31 08:34:25 | 000,528,896 | ---- | M] (Iminent) -- C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe
PRC - [2010/05/28 01:08:46 | 003,493,264 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2010/05/20 19:56:44 | 000,943,600 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010/03/11 18:39:13 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/16 16:39:07 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/08/26 12:36:00 | 002,684,256 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/07/30 22:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2009/07/21 20:58:00 | 002,651,512 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2009/07/07 11:44:00 | 000,341,320 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2009/07/02 18:16:22 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/02 18:15:53 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/06/08 15:34:00 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/06/03 16:33:00 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/04/11 16:08:23 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/03 19:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/18 12:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/01 18:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/07/30 02:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/30 02:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/07/24 12:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/07/01 02:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/06/17 05:23:24 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/06/02 18:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/05/30 21:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/04/26 06:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/26 06:36:20 | 000,028,672 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/26 06:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/03 22:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/06/06 21:38:28 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Henri\Downloads\OTL.exe
MOD - [2010/05/28 01:09:04 | 000,970,640 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire_toucan_42784.dll
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/08/01 18:51:04 | 000,204,800 | ---- | M] (Acer Inc.) -- C:\Windows\System32\SysHook.dll
MOD - [2008/07/25 00:54:12 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 03:23:45 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/11 18:39:13 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/24 18:05:27 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/30 22:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/02 18:15:53 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/06/09 15:31:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/28 21:46:00 | 002,806,062 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/30 02:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/06/02 18:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/04/26 06:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/26 06:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/03 22:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/07 01:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/01/04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2010/06/02 21:07:13 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 21:07:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/11 18:35:55 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/18 18:46:13 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/28 12:49:00 | 000,169,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/08/05 15:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2009/08/05 13:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009/07/28 21:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2009/07/24 12:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009/07/02 18:50:46 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/19 10:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009/06/19 10:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2009/06/17 12:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009/05/20 06:02:42 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2009/04/09 15:59:48 | 000,958,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/03/26 08:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/10/17 09:50:00 | 000,131,072 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2008/10/17 09:50:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008/09/18 11:49:28 | 002,169,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/26 04:25:28 | 000,150,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/07/30 02:53:12 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/07/30 02:53:10 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/07/30 02:53:10 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/06/02 18:20:12 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/29 02:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/05/28 07:47:08 | 000,171,016 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008/04/28 02:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/04/25 03:08:42 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/30 10:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 10:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/03/28 16:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2006/11/02 14:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005/01/01 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=1108&m=aspire_6530

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134"
FF - prefs.js..browser.search.selectedEngine: "SearchTheWeb"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.93
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:1.4
FF - prefs.js..extensions.enabledItems: wildpocketsloader@simopsstudios.com:1.0.9.15079
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/03 19:57:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/19 17:22:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/22 17:52:14 | 000,000,000 | ---D | M]

[2009/06/13 21:36:02 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Mozilla\Extensions
[2010/05/27 12:30:51 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\edxlo4gl.default\extensions
[2009/06/24 20:15:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\edxlo4gl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/15 16:41:53 | 000,000,000 | ---D | M] () -- C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\edxlo4gl.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2009/10/31 13:54:30 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\edxlo4gl.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/06/19 14:45:40 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\edxlo4gl.default\extensions\SolidStateION@solidstatenetworks.com
[2009/12/18 21:35:49 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\edxlo4gl.default\extensions\wildpocketsloader@simopsstudios.com
[2009/09/26 12:33:52 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\edxlo4gl.default\extensions\yyginstantplay@yoyogames.com
[2010/05/06 13:58:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/04 20:56:05 | 000,000,000 | ---D | M] (VideoGet FireFox extension) -- C:\Program Files\Mozilla Firefox\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}
[2010/04/22 17:52:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/11 23:38:32 | 000,221,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\nppanda3d.dll
[2009/12/05 19:19:05 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/11/15 19:34:26 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/06/03 21:11:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Iminent.BHO.NavigationError) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\IMBooster.exe File not found
O4 - HKLM..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\5.0_(Windows;_U;_Windows_NT_6.0;_en-US)_AppleWebKit\532.5_(KHTML,_like_Gecko)_Chrome\4.1.249.1064_Safari\532.5 - File not found
O4 - Startup: C:\Users\Henri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools:  = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip:  = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: yoyogames.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Henri\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Henri\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/05 19:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/04 20:51:43 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/06/03 21:27:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/06/03 21:11:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/06/03 21:08:48 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Local\temp
[2010/06/03 20:34:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/06/03 20:34:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/03 20:34:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/06/03 20:33:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/03 20:23:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/03 20:16:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/01 15:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2010/06/01 15:38:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C365EC06-C51C-457E-9FCE-FF6C83A4B8A0}
[2010/06/01 11:39:40 | 000,093,056 | ---- | C] (GMER) -- C:\uxlyqkow.sys
[2010/05/29 22:05:40 | 000,472,064 | ---- | C] ( ) -- C:\Users\Henri\Desktop\RootRepeal.exe
[2010/05/29 19:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2010/05/28 23:31:39 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Roaming\Simply Super Software
[2010/05/28 23:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/05/28 17:53:53 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Roaming\Malwarebytes
[2010/05/28 17:53:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/28 17:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/28 17:53:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/28 17:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/27 18:18:42 | 009,518,552 | ---- | C] (Simply Super Software                                       ) -- C:\Users\Henri\Desktop\trj681.exe
[2010/05/26 18:31:28 | 000,000,000 | ---D | C] -- C:\Users\Henri\Documents\Simply Super Software
[2010/05/12 17:56:50 | 000,000,000 | ---D | C] -- C:\Users\Henri\Desktop\SDL
[2010/05/06 16:48:24 | 000,000,000 | ---D | C] -- C:\Users\Henri\Documents\RPGVX
[2010/05/06 16:43:57 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Roaming\Xfire
[2010/05/06 16:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010/05/06 16:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010/05/05 17:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Enterbrain
[2010/05/05 17:30:29 | 000,000,000 | ---D | C] -- C:\Program Files\Enterbrain
[2010/05/04 17:59:46 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Roaming\PACE Anti-Piracy
[2010/05/04 17:59:46 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Local\PACE Anti-Piracy
[2010/05/04 17:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010/05/04 17:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2010/05/04 17:57:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2010/05/04 17:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
[2010/05/02 19:40:15 | 000,000,000 | ---D | C] -- C:\HammerAutosave
[2010/05/02 19:32:55 | 000,000,000 | ---D | C] -- C:\Users\Henri\Maps
[2010/05/01 16:19:56 | 000,000,000 | ---D | C] -- C:\Users\Henri\Documents\SavedGames
[2010/05/01 16:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2010/04/26 21:49:04 | 000,000,000 | ---D | C] -- C:\Users\Henri\Documents\OneNote Notebooks
[2010/04/26 18:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2010/04/22 17:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/22 17:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/19 20:03:44 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Roaming\Braid
[2010/04/19 18:36:27 | 000,000,000 | ---D | C] -- C:\Users\Henri\Desktop\C++ Projects
[2010/04/17 14:45:07 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Local\Installer7252
[2010/04/17 14:36:06 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Local\Installer7316
[2010/04/07 17:43:35 | 000,000,000 | ---D | C] -- C:\Users\Henri\Desktop\Citadel
[2010/04/06 22:09:28 | 000,000,000 | ---D | C] -- C:\Users\Henri\Documents\Electronic Arts
[2010/04/06 21:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2010/04/06 21:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\Game Maker 8 Pro Edition
[2010/04/06 21:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/04/04 20:56:09 | 000,000,000 | ---D | C] -- C:\Users\Henri\Documents\My Downloaded Video
[2010/04/04 20:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Nuclear Coffee
[2010/03/19 21:58:10 | 000,000,000 | ---D | C] -- C:\Python26
[2010/03/19 21:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2010/03/11 18:40:29 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/01/14 21:52:13 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 90 Days ==========

[2010/06/06 21:46:29 | 008,650,752 | -HS- | M] () -- C:\Users\Henri\ntuser.dat
[2010/06/06 21:45:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/06 21:00:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 21:00:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/06 16:45:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/06 11:09:23 | 060,763,240 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/06 11:00:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/06 10:59:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/05 21:58:55 | 000,524,288 | -HS- | M] () -- C:\Users\Henri\ntuser.dat{33028a59-2e08-11df-a931-00238b206a0b}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 21:58:55 | 000,065,536 | -HS- | M] () -- C:\Users\Henri\ntuser.dat{33028a59-2e08-11df-a931-00238b206a0b}.TM.blf
[2010/06/05 19:19:24 | 003,121,471 | -H-- | M] () -- C:\Users\Henri\AppData\Local\IconCache.db
[2010/06/04 20:56:43 | 000,000,000 | ---- | M] () -- C:\Users\Henri\AppData\Local\prvlcl.dat
[2010/06/03 21:12:50 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/03 21:11:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/03 20:33:33 | 003,702,826 | R--- | M] () -- C:\Users\Henri\Desktop\schrauber.exe
[2010/06/02 21:07:13 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/02 21:07:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/06/01 17:44:01 | 276,519,481 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/01 15:56:32 | 000,003,485 | ---- | M] () -- C:\Users\Henri\Desktop\Attach.zip
[2010/06/01 12:37:48 | 000,000,680 | ---- | M] () -- C:\Users\Henri\AppData\Local\d3d9caps.dat
[2010/06/01 11:39:40 | 000,093,056 | ---- | M] (GMER) -- C:\uxlyqkow.sys
[2010/05/31 22:08:53 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/29 22:43:11 | 000,000,176 | ---- | M] () -- C:\Users\Henri\defogger_reenable
[2010/05/29 22:06:05 | 000,000,000 | ---- | M] () -- C:\Users\Henri\Desktop\settings.dat
[2010/05/29 19:40:35 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2010/05/28 23:33:03 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/05/28 23:30:56 | 009,518,552 | ---- | M] (Simply Super Software                                       ) -- C:\Users\Henri\Desktop\trj681.exe
[2010/05/28 17:53:35 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 01:09:00 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2010/05/06 13:49:40 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010/05/06 13:49:40 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010/05/05 18:52:25 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010/05/05 17:31:58 | 000,000,088 | RHS- | M] () -- C:\ProgramData\1AF3BAD780.sys
[2010/05/05 16:57:06 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/05 16:57:06 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/05 16:57:06 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/04 17:57:43 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2010/05/01 09:54:18 | 001,732,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 18:34:38 | 000,052,736 | ---- | M] () -- C:\Users\Henri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/27 20:10:33 | 000,379,392 | ---- | M] () -- C:\Users\Henri\Desktop\Assassins Creed MV.MSWMM
[2010/04/26 21:49:04 | 000,001,115 | ---- | M] () -- C:\Users\Henri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/04/26 19:56:29 | 024,551,757 | ---- | M] () -- C:\Users\Henri\Desktop\YouTube- Assassin's Creed 2 - Gameplay Trailer.wmv
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/19 18:27:18 | 000,391,971 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100505-210748.backup
[2010/04/19 17:19:13 | 000,000,274 | ---- | M] () -- C:\Users\Public\Documents\neople_uninstaller0.bat
[2010/04/07 13:26:19 | 000,000,821 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010/03/14 16:22:13 | 000,380,663 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100419-182718.backup
[2010/03/13 00:20:45 | 000,524,288 | -HS- | M] () -- C:\Users\Henri\ntuser.dat{33028a59-2e08-11df-a931-00238b206a0b}.TMContainer00000000000000000002.regtrans-ms
[2010/03/12 20:10:48 | 000,524,288 | -HS- | M] () -- C:\Users\Henri\ntuser.dat{d75a03e1-59cf-11de-b322-00238b206a0b}.TMContainer00000000000000000001.regtrans-ms
[2010/03/12 20:10:48 | 000,065,536 | -HS- | M] () -- C:\Users\Henri\ntuser.dat{d75a03e1-59cf-11de-b322-00238b206a0b}.TM.blf
[2010/03/11 18:40:29 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/11 18:35:55 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys

========== Files Created - No Company Name ==========

[2010/06/03 20:34:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/03 20:34:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/06/03 20:34:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/06/03 20:34:45 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/03 20:34:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/03 20:15:22 | 003,702,826 | R--- | C] () -- C:\Users\Henri\Desktop\schrauber.exe
[2010/06/01 15:56:06 | 000,003,485 | ---- | C] () -- C:\Users\Henri\Desktop\Attach.zip
[2010/06/01 11:50:45 | 000,000,680 | ---- | C] () -- C:\Users\Henri\AppData\Local\d3d9caps.dat
[2010/05/29 23:06:09 | 276,519,481 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/29 22:58:29 | 000,293,376 | ---- | C] () -- C:\Users\Henri\Desktop\gmer.exe
[2010/05/29 22:42:29 | 000,000,176 | ---- | C] () -- C:\Users\Henri\defogger_reenable
[2010/05/29 22:06:05 | 000,000,000 | ---- | C] () -- C:\Users\Henri\Desktop\settings.dat
[2010/05/29 19:40:35 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2010/05/28 23:33:03 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/05/28 17:53:35 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/28 01:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/05/06 13:44:22 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010/05/06 13:44:22 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010/05/05 18:52:25 | 000,001,937 | ---- | C] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010/05/05 17:31:47 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/05 17:31:47 | 000,000,088 | RHS- | C] () -- C:\ProgramData\1AF3BAD780.sys
[2010/05/04 17:57:43 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2010/04/26 21:49:04 | 000,001,115 | ---- | C] () -- C:\Users\Henri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/04/26 20:08:52 | 000,379,392 | ---- | C] () -- C:\Users\Henri\Desktop\Assassins Creed MV.MSWMM
[2010/04/26 19:54:26 | 024,551,757 | ---- | C] () -- C:\Users\Henri\Desktop\YouTube- Assassin's Creed 2 - Gameplay Trailer.wmv
[2010/04/19 17:19:13 | 000,000,274 | ---- | C] () -- C:\Users\Public\Documents\neople_uninstaller0.bat
[2010/03/12 20:16:44 | 000,524,288 | -HS- | C] () -- C:\Users\Henri\ntuser.dat{33028a59-2e08-11df-a931-00238b206a0b}.TMContainer00000000000000000002.regtrans-ms
[2010/03/12 20:16:44 | 000,524,288 | -HS- | C] () -- C:\Users\Henri\ntuser.dat{33028a59-2e08-11df-a931-00238b206a0b}.TMContainer00000000000000000001.regtrans-ms
[2010/03/12 20:16:44 | 000,065,536 | -HS- | C] () -- C:\Users\Henri\ntuser.dat{33028a59-2e08-11df-a931-00238b206a0b}.TM.blf
[2009/10/20 16:33:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/09 14:36:14 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/24 14:48:41 | 000,000,037 | ---- | C] () -- C:\Windows\wininit.ini
[2009/06/24 11:37:13 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/06/24 11:37:13 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/06/13 23:23:45 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009/06/13 23:23:45 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar3.dll
[2009/06/13 23:23:45 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009/06/13 23:23:45 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2009/06/03 16:21:07 | 000,573,440 | ---- | C] () -- C:\Windows\System32\alleg42.dll
[2009/06/02 13:39:25 | 000,000,004 | ---- | C] () -- C:\Windows\System32\msvcb265.sys
[2009/05/11 18:35:32 | 000,000,033 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2009/04/13 21:06:04 | 000,221,184 | ---- | C] () -- C:\Windows\System32\COMSocketServer.dll
[2009/04/13 21:05:57 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/04/12 20:26:17 | 000,000,809 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2009/01/14 23:56:49 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/14 23:56:49 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/14 23:32:51 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/14 23:22:12 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/01/14 21:50:49 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/11/19 20:23:45 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/11/19 20:23:45 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/06/28 00:43:20 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/02/15 18:23:18 | 000,524,288 | ---- | C] () -- C:\Windows\System32\vspxcore.dll
[2001/12/27 01:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 08:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 01:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 07:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009/01/14 23:54:28 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Acer GameZone Console
[2009/06/24 19:52:43 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\avidemux
[2009/04/19 22:13:47 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Blitware
[2010/04/19 20:04:49 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Braid
[2010/02/19 14:29:18 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\DAEMON Tools Lite
[2010/05/25 18:11:35 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Dev-Cpp
[2010/06/06 21:42:27 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\DNA
[2009/04/11 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\eSobi
[2010/02/28 22:57:08 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Facebook
[2009/05/25 23:03:50 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\fizzy
[2009/04/16 20:28:21 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\gtk-2.0
[2009/12/02 16:32:04 | 000,000,000 | -H-D | M] -- C:\Users\Henri\AppData\Roaming\ijjigame
[2010/03/14 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Mount&Blade
[2009/10/24 17:57:45 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\NeopleLauncherDFO
[2009/06/15 16:17:05 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Notepad++
[2009/04/16 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Opera
[2010/05/04 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\PACE Anti-Piracy
[2010/05/28 23:32:16 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Simply Super Software
[2009/12/07 22:36:44 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\SystemRequirementsLab
[2009/04/13 21:55:16 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Template
[2010/04/19 17:27:06 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Three Rings Design
[2010/01/04 15:26:09 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Toshiba
[2010/05/04 18:01:05 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\Unity
[2010/05/29 19:51:41 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\uTorrent
[2009/05/20 10:46:07 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\vghd
[2009/04/11 21:02:38 | 000,000,000 | ---D | M] -- C:\Users\Henri\AppData\Roaming\YuLeech
[2010/06/05 21:59:10 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: AHCIX86S.SYS  >[/color]
[2008/05/28 07:47:08 | 000,171,016 | R--- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\ACER\Preload\Autorun\DRV\AMD VGA Chip RS780MN M82ME-XT M86ME\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2008/05/28 07:47:08 | 000,171,016 | ---- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\Windows\System32\drivers\ahcix86s.sys
[2008/05/28 07:47:08 | 000,171,016 | ---- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_37966648\ahcix86s.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/22 05:59:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=76D70915EB81608DC6ACA87887FAB38F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_ddac250d3ab7a648\atapi.sys
[2008/02/22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_3d9c5057\atapi.sys
[2008/02/22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_dd25892021975283\atapi.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2007/01/13 07:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll

[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/07/02 18:16:51 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\ATIDEMGX.dll
[2008/01/21 03:24:30 | 000,289,792 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\hnetcfg.dll
[2010/02/23 07:33:44 | 000,184,320 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\iepeers.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\SLC.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

[color=#A23BEC]< %systemdrive%\*.sys /90 /md5 >[/color]
[2010/06/06 10:59:49 | 3264,860,160 | -HS- | M] ()[b] Unable to obtain MD5[/b] -- C:\pagefile.sys
[2010/06/01 11:39:40 | 000,093,056 | ---- | M] (GMER) MD5=54754317755D9E6A635D4F77483C6192 -- C:\uxlyqkow.sys

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:8173A019
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 1293 bytes -> C:\ProgramData\Microsoft:h1UPAcRHG0lMma4fAffds
@Alternate Data Stream - 1080 bytes -> C:\ProgramData\Microsoft:gjCGsP1kItgNJLcNRhxtx4ksCXF54
@Alternate Data Stream - 1058 bytes -> C:\Users\Henri\AppData\Local\GqBYpqXAjeEM:V3xcuuTtXGEQwXDL0Ps0yfHGw
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:364682BC
< End of report >


Extras.txt:


OTL Extras logfile created on: 06/06/2010 21:38:56 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Henri\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 51.50 Gb Free Space | 35.75% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 140.37 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEEP_THOUGHT
Current User Name: Henri
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037A973B-E85D-4BA3-876C-08B18753E06E}" = lport=138 | protocol=17 | dir=in | app=system |
"{06DB05EB-5ECE-4D62-8013-98BC3E410F92}" = lport=445 | protocol=6 | dir=in | app=system |
"{1002E637-7809-4526-A741-0087E50D74D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1762AFE6-ABE0-4268-B5AA-3195A1FA6B2C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2861D0F0-49B9-4057-A054-4381C94F028A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{28BB3391-DB04-40B2-AD99-A1AFC57F2C91}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{39255C9F-E172-467E-B942-71E3CAE68865}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52704AEF-F598-4880-8D1F-4A8A82B55878}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{60529362-E2CA-4EBD-81CC-1BC92D908B91}" = rport=138 | protocol=17 | dir=out | app=system |
"{652DE224-A4E4-4D8F-9CDE-4E70E1F02570}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93CF251C-592D-4E0C-B061-80BEE267EB12}" = lport=22492 | protocol=17 | dir=in | name=bitcometlite 22492 udp |
"{A1EBECA6-4F75-4D05-9224-E229F0C7ED3D}" = rport=137 | protocol=17 | dir=out | app=system |
"{AFA5FD55-5D34-4FAE-9653-FDE2494D9ED5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B1EDEB1E-E6DB-406E-88DF-F8A8C7772485}" = lport=137 | protocol=17 | dir=in | app=system |
"{B3CB2D8D-E441-49FD-8B6D-24A8E022644D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B6349AB7-B09C-450A-8F41-51F973A3069F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B76F4055-FD80-48EF-801B-A6EBE49FDC6E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BAB3BE20-9FF9-457B-B55F-50E057C64C39}" = rport=139 | protocol=6 | dir=out | app=system |
"{BB42DA96-D40B-4AA5-AFA4-E02FCE956068}" = rport=445 | protocol=6 | dir=out | app=system |
"{BE133DAA-CA60-4C67-9B90-6AC70FE8CA3C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E9056A8F-8D1E-4B4F-A053-140A1B71C1CE}" = lport=139 | protocol=6 | dir=in | app=system |
"{F923FBF3-D21A-48F0-B476-3969667D0E29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FDF79384-98AA-4324-B34D-F04A90B63FB0}" = lport=22492 | protocol=6 | dir=in | name=bitcometlite 22492 tcp |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060433DD-8360-488E-BDF4-BD06CC55051C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09691C9C-B3D8-44F4-ADBD-EC5F96BB1347}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0A0BAF99-979C-4EB0-9878-1D34769C11FA}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{0B2FD4A3-AA13-4BC5-8C6E-359FA2DB15F9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0B4AEFA3-B387-4963-B51C-7781A520FC1A}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{0EA23316-6C9F-441A-95BF-93068FA5D71F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0F0C2C76-02CC-4301-A9AE-EF75AEF364B5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{20872168-1AD7-4873-A984-BCD95F6E5EB8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\multiwinia\multiwinia.exe |
"{2148EF6D-864F-4351-89B5-1939880C4AD0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{28A9EABB-D9C6-4662-9FA0-64DD129AB427}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{30D53435-F490-4D29-B214-44631C5DDE12}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{322C10A2-D790-4F99-BD24-159C7BAFB63A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{329EBAF6-CBFF-441A-AC33-C2143EDE3B0B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{32FC6F28-B599-49DC-A1DF-CCFC7CBF8C9E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{35A10206-C21E-43DF-BA9E-644CFF43C1E0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{374557D9-EE5F-4352-849C-5B1668D3D83B}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{407870A9-95F0-4577-8E5C-283A16B29DC0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{56AABF8C-8D87-4985-A89B-66113C76870A}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{5BB45129-00A4-4685-B3D3-86806FA679F7}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{5BDEA25F-6A5E-4651-B6D7-16AD12430D4D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5F639353-6272-4335-829E-E6E962E4C12D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62F71B13-53FD-4C2F-A505-960D4278AC10}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6A563713-E600-4BB2-8299-A2F17363D4E8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{72F3235F-B627-4980-A935-9383FC6274E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{770DCAAF-55AE-48C9-9DC7-9A2C8C4EE28E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7A59C179-4E10-4D24-B899-E57DF998A918}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{7DA9C04B-CB8D-46E9-9778-453AE6E1AAFD}" = protocol=17 | dir=in | app=c:\users\henri\appdata\local\temp\ijjioptimizer.exe |
"{8173D217-FFAD-4A81-AEB7-D4B6B046CE12}" = protocol=6 | dir=in | app=c:\users\henri\appdata\local\temp\ijjioptimizer.exe |
"{8D0E8D9B-A7D4-4DB0-BC81-FD2325C610F8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{8F06DD45-9844-4240-8892-3A0457E0E48A}" = protocol=17 | dir=in | app=c:\users\henri\appdata\local\temp\ijjioptimizer.exe |
"{94B8D735-4874-4DB4-A01A-EA0E6056CEE0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9A1517E3-35F8-4890-A87D-D02792300563}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9ECCC103-4E22-460F-9FAB-C3356B325245}" = protocol=6 | dir=in | app=c:\users\henri\appdata\local\temp\ijjioptimizer.exe |
"{A2DA1126-35D8-425C-8C8F-EAD96A216EDE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{A69027EB-959D-434A-9DFF-8439A7FE7C4F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A6918368-8363-4FB2-A466-24C502C082A9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\multiwinia\multiwinia.exe |
"{A6ECA909-353F-46C3-A768-25C19255905C}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{AEAE200C-7EF0-472C-A9EB-E0608AE438BE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B1D04350-E912-477C-A096-E2C7C854ECE8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{B4866FC6-E596-439F-BAB9-3129D0B29663}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{BEA4339A-290B-410A-9F17-736F954AEB97}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C11AC3BE-4F8F-4DB0-A8B8-2ADE485FF159}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{C25D242B-168F-4769-BE95-7579143D32CB}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D3E442AC-4015-4DE1-9633-2BB8DC53C2F0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D4557908-0D48-4D28-AA1C-DB939F2AA290}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{DDF4B1F4-7306-42B0-9A19-3731D6D9E886}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E00D069A-C7DC-4831-848C-A55210DA7005}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E46BAC8F-1712-4318-A1A5-315C8E2BD631}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{E77E41F1-76B7-48ED-8D0A-42897184ECEA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{E8BE8EC4-2A70-4D4E-833C-E84F9DD22C04}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{EE506647-47CB-4263-A8A9-630E1BD535B6}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{F0E48DAC-E5C8-4A77-8EE1-9E12D6041481}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{F8BBB7B9-4B66-4733-8EDC-29A61EB8800F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0BEC0C4A-88A8-4139-8EDE-F4AFEAF9E871}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{0CB95F93-9A33-443D-B15E-205F5B5BFFBF}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{2C4972F9-2CE5-4F9A-AD35-4EB62890EA2D}C:\program files\cycles3d\cycles3d.exe" = protocol=6 | dir=in | app=c:\program files\cycles3d\cycles3d.exe |
"TCP Query User{3D3D8580-5D8E-4AB7-9263-F70F75E4D895}C:\users\henri\appdata\local\virtualstore\program files\subagames\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\users\henri\appdata\local\virtualstore\program files\subagames\metin2\metin2.bin |
"TCP Query User{40402AEA-4821-4991-B20B-3EB0FBC54743}C:\downloads\yuleech-bbo_patch_en_0_8_exe.exe" = protocol=6 | dir=in | app=c:\downloads\yuleech-bbo_patch_en_0_8_exe.exe |
"TCP Query User{467C6D4F-410E-4FC0-B36E-C087A4B0808E}C:\program files\steam\steamapps\sethiroth100\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\sethiroth100\day of defeat source\hl2.exe |
"TCP Query User{4B596D17-B5D0-4D47-B27B-E2C1D92A7216}C:\users\henri\desktop\eclipse evolution 2.7\server\server.exe" = protocol=6 | dir=in | app=c:\users\henri\desktop\eclipse evolution 2.7\server\server.exe |
"TCP Query User{4CE2AD6C-0B50-4FA5-9BD2-D3391F8F8B2D}C:\program files\eclipse evolution 2.7\engine files\eclipse evolution 2.7\server\server.exe" = protocol=6 | dir=in | app=c:\program files\eclipse evolution 2.7\engine files\eclipse evolution 2.7\server\server.exe |
"TCP Query User{4D930F38-30DE-407B-A1B5-7295F7344C59}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{563730AC-1CE5-46F2-B345-0959B61CB46B}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{63998625-DDF5-4D63-944B-E838AD0512A5}C:\users\henri\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\henri\program files\dna\btdna.exe |
"TCP Query User{696DF73D-4CB9-4198-A488-F35D171F54A4}C:\downloads\conquer_v5101.exe" = protocol=6 | dir=in | app=c:\downloads\conquer_v5101.exe |
"TCP Query User{94AD2C9B-3675-446F-BE11-681A18E648E6}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{9FA8689F-5C7B-48D3-8620-1951EEC6D291}C:\program files\steam\steamapps\sethiroth100\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\sethiroth100\insurgency\hl2.exe |
"TCP Query User{A503F8C1-F080-4AC8-8750-53FA4700AFC9}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{BC64C3C6-76FC-4F95-A094-6C9832E0FD19}C:\program files\steam\steamapps\sethiroth100\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\sethiroth100\counter-strike source\hl2.exe |
"TCP Query User{EBFDA588-8F72-4A23-8DB2-C64DB0380510}C:\ijji\english\u_gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gunz.exe |
"TCP Query User{F3347D58-FB4E-4B22-98BB-F5E0E9ED9F26}C:\downloads\yuleech-bbo_en_setup_08_exe.exe" = protocol=6 | dir=in | app=c:\downloads\yuleech-bbo_en_setup_08_exe.exe |
"TCP Query User{F3765A6A-C441-40E0-BA8D-90B196B53DB5}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{F7AE7876-C8A6-472F-B0A6-860BFF1383A5}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{0CB82A69-997D-433F-802F-B18C97674721}C:\program files\steam\steamapps\sethiroth100\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\sethiroth100\insurgency\hl2.exe |
"UDP Query User{1811B894-1A05-4375-A5B0-A6224EE68EC5}C:\downloads\conquer_v5101.exe" = protocol=17 | dir=in | app=c:\downloads\conquer_v5101.exe |
"UDP Query User{1EBFEC9D-968F-4449-9F5B-CBD3E218E68E}C:\users\henri\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\henri\program files\dna\btdna.exe |
"UDP Query User{2A3CE1C9-70B3-4D58-A661-C803786C8BFF}C:\users\henri\appdata\local\virtualstore\program files\subagames\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\users\henri\appdata\local\virtualstore\program files\subagames\metin2\metin2.bin |
"UDP Query User{3BE1BEB9-5C98-4506-BECB-DC091B764594}C:\program files\steam\steamapps\sethiroth100\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\sethiroth100\counter-strike source\hl2.exe |
"UDP Query User{4546FAE6-7784-4E79-B945-3AABB41654A9}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{47414EED-4E09-4D8F-8FD0-465EAEF9D974}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{4A68BAFE-9E94-4D07-AAF8-6BE1892F00BF}C:\users\henri\desktop\eclipse evolution 2.7\server\server.exe" = protocol=17 | dir=in | app=c:\users\henri\desktop\eclipse evolution 2.7\server\server.exe |
"UDP Query User{640D2ED6-270C-44F4-AF10-898D11371C6A}C:\downloads\yuleech-bbo_en_setup_08_exe.exe" = protocol=17 | dir=in | app=c:\downloads\yuleech-bbo_en_setup_08_exe.exe |
"UDP Query User{8337EBD5-8208-40B4-B94E-AB3F7A34A7DE}C:\ijji\english\u_gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gunz.exe |
"UDP Query User{8BBB8D23-0A17-4C80-86AB-100F58968EC4}C:\program files\steam\steamapps\sethiroth100\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\sethiroth100\day of defeat source\hl2.exe |
"UDP Query User{90A4D908-BEF5-46F9-B3B3-A9F68FA738E8}C:\downloads\yuleech-bbo_patch_en_0_8_exe.exe" = protocol=17 | dir=in | app=c:\downloads\yuleech-bbo_patch_en_0_8_exe.exe |
"UDP Query User{A1B902F0-86BC-45E9-93EB-9D742ECC2680}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{A70FB519-7C85-4DDC-8435-E90411F7CF7F}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{C637577A-48D0-4634-8AA8-1FE7CC0C7F8D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{CE976182-74E0-4FF3-B0FC-7B6A2A8E4352}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{DCD2603A-F1BB-4E87-9885-1057DD3F3CB4}C:\program files\eclipse evolution 2.7\engine files\eclipse evolution 2.7\server\server.exe" = protocol=17 | dir=in | app=c:\program files\eclipse evolution 2.7\engine files\eclipse evolution 2.7\server\server.exe |
"UDP Query User{E9FA5C70-F976-48D6-84DC-91DFB7FB6059}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{F53DCD4D-A9C2-4A9E-9D5C-93187663BD83}C:\program files\cycles3d\cycles3d.exe" = protocol=17 | dir=in | app=c:\program files\cycles3d\cycles3d.exe |
"UDP Query User{FD442FD0-45C4-4137-AA29-28BFB73284EF}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01A9C1F8-9F3E-A0B9-B4DA-0D91D41BCF91}" = Catalyst Control Center HydraVision Full
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A3B1207-6E28-DD5E-323F-DBC6ADD5B7DA}" = Catalyst Control Center Graphics Previews Vista
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D06637C-6624-433C-A807-C34D45DAB184}" = SearchTheWeb
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13CDB886-34E0-E8A4-A186-E735070DB5E9}" = Catalyst Control Center Graphics Previews Common
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23734E07-35AD-6E7F-AD27-CB906015BCCC}" = Catalyst Control Center Graphics Light
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34306B7C-3556-DA75-EBEA-C2D8025D5C00}" = ccc-utility
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8D323F-21EF-59CA-AD28-5A3DDB08A206}" = Catalyst Control Center Graphics Full New
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{88AD1843-8E39-5215-7FC0-294B16C87C7C}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A73A8DFE-C038-771D-7E02-E10489D5FDE2}" = Catalyst Control Center InstallProxy
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8.3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6060381-5C28-4F86-A31A-B5ADA7A1BD8D}" = Conquer 2.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD9137C8-98D0-5B0B-824D-07263F8CF39D}" = Catalyst Control Center Core Implementation
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{BF19FE33-C168-04D1-9E58-17E7248B9EF7}" = ATI Catalyst Install Manager
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C50A1D73-0CF8-4BEA-876B-30D6B381A493}" = Dark Basic Professional CD 1.057 Upgrade
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4EAC706-D24F-FB71-BA20-A143CC2ECBFF}" = Catalyst Control Center Graphics Full Existing
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6616D78-B14A-2889-DA99-8298E8BC9692}" = ccc-core-static
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"AC3File_is1" = AC3File 0.6b
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AhnLab Online Security" = AhnLab Online Security
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"Avidemux 2.4" = Avidemux 2.4
"AVS Audio Editor_is1" = AVS Audio Editor version 5.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Blender" = Blender (remove only)
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"Cross Fire_is1" = Cross Fire En
"Cycles3D" = Cycles3D (remove only)
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Exterminate It!" = Exterminate It!
"FL Studio 9" = FL Studio 9
"Game Maker 7.0" = Game Maker 7.0
"Game Maker 7.0 PRO Crack" = Game Maker 7.0 PRO Crack
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.12
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IL Download Manager" = IL Download Manager
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009)
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Panda3D Game Engine" = Panda3D Game Engine
"PoiZone" = PoiZone
"PopCap Browser Plugin" = PopCap Browser Plugin
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"Sawer" = Sawer
"SearchTheWeb" = SearchTheWeb
"Steam App 17700" = Insurgency
"Steam App 211" = Source SDK
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 26810" = Braid Demo
"Steam App 300" = Day of Defeat: Source
"Steam App 55010" = Flotilla Demo
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"Trojan Remover_is1" = Trojan Remover 6.8.1
"Unity" = Unity
"VideoGet_is1" = Nuclear Coffee - VideoGet
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zeallsoft Super Screen Recorder_is1" = Zeallsoft Super Screen Recorder 4.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/05/2010 12:02:30 | Computer Name = Deep_Thought | Source = WinMgmt | ID = 10
Description =

Error - 21/05/2010 14:47:43 | Computer Name = Deep_Thought | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 22/05/2010 12:39:57 | Computer Name = Deep_Thought | Source = WinMgmt | ID = 10
Description =

Error - 22/05/2010 14:14:57 | Computer Name = Deep_Thought | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 23/05/2010 06:54:22 | Computer Name = Deep_Thought | Source = WinMgmt | ID = 10
Description =

Error - 23/05/2010 07:26:34 | Computer Name = Deep_Thought | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 24/05/2010 06:58:15 | Computer Name = Deep_Thought | Source = WinMgmt | ID = 10
Description =

Error - 24/05/2010 09:35:59 | Computer Name = Deep_Thought | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 24/05/2010 12:31:28 | Computer Name = Deep_Thought | Source = WinMgmt | ID = 10
Description =

Error - 24/05/2010 15:27:18 | Computer Name = Deep_Thought | Source = Application Hang | ID = 1002
Description = The program devcpp.exe version 4.9.9.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel.  Process
ID: 1484  Start Time: 01cafb76ffc40239  Termination Time: 98

[ Media Center Events ]
Error - 08/01/2010 06:54:08 | Computer Name = Deep_Thought | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105  Process: DefaultDomain Object Name: Media Center Guide

Error - 09/01/2010 10:03:30 | Computer Name = Deep_Thought | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105  Process: DefaultDomain Object Name: Media Center Guide

Error - 14/01/2010 13:05:26 | Computer Name = Deep_Thought | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105  Process: DefaultDomain Object Name: Media Center Guide

Error - 31/01/2010 17:54:07 | Computer Name = Deep_Thought | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105  Process: DefaultDomain Object Name: Media Center Guide

Error - 19/02/2010 15:59:55 | Computer Name = Deep_Thought | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105  Process: DefaultDomain Object Name: Media Center Guide

Error - 19/02/2010 19:14:27 | Computer Name = Deep_Thought | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105  Process: DefaultDomain Object Name: Media Center Guide

Error - 10/04/2010 11:48:23 | Computer Name = Deep_Thought | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105  Process: DefaultDomain Object Name: Media Center Guide

Error - 10/04/2010 11:48:26 | Computer Name = Deep_Thought | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105  Process: DefaultDomain Object Name: Media Center Guide

Error - 17/04/2010 14:14:39 | Computer Name = Deep_Thought | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105  Process: DefaultDomain Object Name: Media Center Guide

Error - 07/05/2010 12:10:36 | Computer Name = Deep_Thought | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105  Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 01/06/2010 06:39:39 | Computer Name = Deep_Thought | Source = Service Control Manager | ID = 7001
Description =

Error - 01/06/2010 06:39:39 | Computer Name = Deep_Thought | Source = Service Control Manager | ID = 7001
Description =

Error - 01/06/2010 06:39:39 | Computer Name = Deep_Thought | Source = Service Control Manager | ID = 7001
Description =

Error - 01/06/2010 12:44:12 | Computer Name = Deep_Thought | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:42:29 on 01/06/2010 was unexpected.

Error - 01/06/2010 13:22:08 | Computer Name = Deep_Thought | Source = DCOM | ID = 10010
Description =

Error - 02/06/2010 15:59:06 | Computer Name = Deep_Thought | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{B211CCB5-CF67-4DB3-99F7-D1BA07DE6609}
because another computer on the network has the same name.  The server could not
start.

Error - 03/06/2010 15:38:19 | Computer Name = Deep_Thought | Source = Service Control Manager | ID = 7034
Description =

Error - 03/06/2010 15:38:24 | Computer Name = Deep_Thought | Source = Service Control Manager | ID = 7030
Description =

Error - 03/06/2010 16:09:40 | Computer Name = Deep_Thought | Source = Service Control Manager | ID = 7030
Description =

Error - 05/06/2010 14:25:16 | Computer Name = Deep_Thought | Source = Service Control Manager | ID = 7034
Description =


< End of report >



#8 schrauber

  • Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 08 June 2010 - 01:21 PM

How is it running after these steps?
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 FinalFanatic

  • Topic Starter
  • Members
  • 6 posts

Posted 08 June 2010 - 03:20 PM

It appears to be running smoothly now, unless I run any media files (music for example, or any videos played through websites such as YouTube). When it begins playing, the CPU usage appears to jump up to 100%, and I get a major slowdown accompanied by crackly sound. Perhaps this problem is not malware related? I can't see anything else that would cause it; my drivers are all up to date. However, everything else appears to be running smoothly now.

#10 schrauber

  • Malware Response Team

Posted 11 June 2010 - 04:15 PM

Hi,

Please download and run Process Explorer:

http://technet.microsoft.com/de-de/sysinte...s/bb896653.aspx

There you will see all running processes. You can click on a process to see all files running under this process. Please let me know which file/process is using the CPU heavily when the system freezes.
regards,
schrauber

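The check described in the post above, as an added example that is not part of the original thread or of Process Explorer itself: a PowerShell script that samples per-process CPU for a few seconds while a media file is playing, then lists the top consumers with their image path, Authenticode signature status and every loaded module outside \Windows, which is the same information Process Explorer's process list and lower DLL pane present. It assumes Windows PowerShell 2.0 or later (available for Vista as an update), an English locale (the counter path is locale-specific), and an elevated prompt so that image paths and module lists are readable for every process; $Seconds and $Top are arbitrary settings chosen here.

```powershell
# Added example, not from the original thread: find which process burns CPU
# while media plays, then inspect it the way Process Explorer would.
# Assumes Windows PowerShell 2.0+ on an English Windows (the counter path below
# is locale-specific). Run elevated so that Path/Modules are readable.
param(
    [int]$Seconds = 10,   # length of the sampling window (arbitrary choice)
    [int]$Top     = 5     # how many processes to report (arbitrary choice)
)

$cores = [int]$env:NUMBER_OF_PROCESSORS

# One '% Processor Time' sample per second for every process instance.
# For process instances this counter is summed over all cores, so 200 on a
# dual-core machine means two cores fully busy; we divide by $cores below.
$samples = Get-Counter -Counter '\Process(*)\% Processor Time' `
                       -SampleInterval 1 -MaxSamples $Seconds

# Average each instance over the window, skipping the _Total and Idle pseudo-processes.
$avg = @{}
foreach ($set in $samples) {
    foreach ($cs in $set.CounterSamples) {
        $name = $cs.InstanceName.ToLower()
        if ($name -eq '_total' -or $name -eq 'idle') { continue }
        if (-not $avg.ContainsKey($name)) { $avg[$name] = 0.0 }
        $avg[$name] += $cs.CookedValue / $Seconds
    }
}

$topEntries = $avg.GetEnumerator() | Sort-Object Value -Descending | Select-Object -First $Top

foreach ($entry in $topEntries) {
    # Counter instances are named 'firefox', 'firefox#1', ...; Get-Process wants
    # the base name, so every same-named process is listed under that average.
    $base  = $entry.Key -replace '#\d+$', ''
    $procs = @(Get-Process -Name $base -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) { continue }   # process exited during sampling

    foreach ($p in $procs) {
        $path = $p.Path
        $sig  = 'n/a'
        if ($path) { $sig = (Get-AuthenticodeSignature -FilePath $path).Status }
        '{0,-20} PID {1,-6} avg {2,5:N1}% of {3} core(s)  {4}  [{5}]' -f `
            $p.ProcessName, $p.Id, ($entry.Value / $cores), $cores, $path, $sig

        # Process Explorer's lower pane: loaded modules. Anything outside
        # \Windows that is not validly signed deserves a closer look; codec
        # packs and browser plug-ins live there, and so does most user-mode malware.
        try {
            $p.Modules |
                Where-Object { $_.FileName -notmatch '^[A-Za-z]:\\Windows\\' } |
                ForEach-Object {
                    $ms = (Get-AuthenticodeSignature -FilePath $_.FileName).Status
                    '    {0,-12} {1}' -f $ms, $_.FileName
                }
        } catch {
            '    (module list not readable: {0})' -f $_.Exception.Message
        }
    }
}
```

Start the media file first, then run the script; a process whose average sits near 100% of the available cores for the whole window is the one to report back. A module whose signature status is NotSigned and whose path is under a user-writable directory (Downloads, Desktop, AppData) is the item to quote by full path, since the file name alone tells a responder very little.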

#11 schrauber

  • Malware Response Team

Posted 15 June 2010 - 12:38 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber




