
Strange Virus/Malware blocks programs and causes multiple crashes


  • This topic is locked
5 replies to this topic

#1 hichael

  • Members
  • 3 posts

Posted 21 September 2010 - 10:12 AM

In recent days I have had multiple strange issues with my computer. It all started when I got BitDefender & PC Tools Spyware Doctor. Spyware Doctor found a Trojan, "Trojan-Downloader.Murlo", and deleted it. Then, when I was about to play a game (Warcraft 3), it suddenly said it was a suspicious activity, although I have played it for a long time. I ignored the warning and played, but afterwards I decided to delete the game since no other application got this warning popup when activated. After it was deleted I started to have strange problems in all sorts of forms. The firewall & anti-virus got blocked, the computer started to act really slow, and there were multiple crashes. The past 2 days I have probably had to push reboot 10 times a day due to the computer freezing when opening programs. When I search for viruses with BitDefender it finds nothing, but still the scan doesn't complete, since I have to reboot because the computer is frozen after the scan when I come home (it takes 5 hours for a full scan, so I turn it on, for example, in the morning). I have a strong feeling that I have some major malware on my computer that is hidden from the scan.


I use BitDefender Internet Security 2011 for firewall and anti-virus, and PC Tools Spyware Doctor & Malwarebytes Anti-Malware for anti-spyware/malware.







Enough talk, here is the log from HijackThis:





MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\PC Tools Security\pctsGui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Hichael\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\gossiper\tbgoss.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\gossiper\tbgoss.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Gainward] C:\Windows\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCTools FGuard] D:\PC Tools Security\BDT\FGuard.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
O4 - HKLM\..\Run: [ISTray] "D:\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - D:\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Googles oppdateringstjeneste (gupdate1ca5b2ee9acfdb1) (gupdate1ca5b2ee9acfdb1) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\PC Tools Security\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - J:\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: ThreatFire - PC Tools - D:\PC Tools Security\TFEngine\TFService.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

--
End of file - 8953 bytes






 


#2 hichael

  • Topic Starter
  • Members
  • 3 posts

Posted 22 September 2010 - 03:35 PM


I failed to include the GMER & DDS files in my first post; I am sorry about that. Anyway, here are the logs:





DDS (Ver_10-03-17.01) - NTFSx86
Run by Hichael at 21:34:40,10 on 22.09.2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3326.1823 [GMT 2:00]

SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\PC Tools Security\pctsAuxs.exe
D:\PC Tools Security\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\PC Tools Security\BDT\FGuard.exe
D:\PC Tools Security\pctsGui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\PC Tools Security\TFEngine\TFService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\PC Tools Security\Update.exe
D:\cobainbackup\cbVSCService.exe
D:\cobainbackup\cbService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Hichael\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Program Files\BitDefender\BitDefender 2011\downloader.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: gossiper Toolbar: {0a452a47-c5a8-4854-a237-4b9b06b376f0} - c:\program files\gossiper\tbgoss.dll
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - d:\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: gossiper Toolbar: {0a452a47-c5a8-4854-a237-4b9b06b376f0} - c:\program files\gossiper\tbgoss.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - d:\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - Google Dictionary Compression sdch
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
TB: gossiper Toolbar: {0a452a47-c5a8-4854-a237-4b9b06b376f0} - c:\program files\gossiper\tbgoss.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - d:\pc tools security\bdt\PCTBrowserDefender.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2011\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] D:\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Gainward] c:\windows\TBPanel.exe /A
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PCTools FGuard] d:\pc tools security\bdt\FGuard.exe
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2011\ieshow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"
mRun: [ISTray] "d:\pc tools security\pctsGui.exe" /hideGUI
mRun: [Cobian Backup 10 Interface] d:\cobainbackup\cbInterface.exe -service
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\hichael\appdata\roaming\mozilla\firefox\profiles\hwf019no.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\bitdefender\bitdefender 2011\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\bitdefender\bitdefender 2011\bdaphffext\components\bdaphff3.dll
FF - component: d:\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-19 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-9-19 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-9-19 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-9-19 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-9-19 68880]
R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-6-18 72784]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-9-19 247824]
R1 SASDIFSV;SASDIFSV;D:\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;D:\SASKUTIL.SYS [2010-5-10 67656]
R1 SSHDRV77;SSHDRV77;c:\windows\system32\drivers\SSHDRV77.sys [2008-8-15 79360]
R2 Browser Defender Update Service;Browser Defender Update Service;d:\pc tools security\bdt\BDTUpdateService.exe [2010-9-19 235472]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;d:\cobainbackup\cbVSCService.exe [2010-9-22 67584]
R2 CobianBackup10;Cobian Backup 10;d:\cobainbackup\cbService.exe [2010-9-22 1125376]
R2 sdAuxService;PC Tools Auxiliary Service;d:\pc tools security\pctsAuxs.exe [2010-9-19 366840]
R2 sdCoreService;PC Tools Security Service;d:\pc tools security\pctsSvc.exe [2010-9-19 1145816]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2010-8-10 42400]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-5-13 152528]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-9-19 70536]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-9-19 33552]
R3 ThreatFire;ThreatFire;d:\pc tools security\tfengine\tfservice.exe service --> d:\pc tools security\tfengine\TFService.exe service [?]
S2 gupdate1ca5b2ee9acfdb1;Googles oppdateringstjeneste (gupdate1ca5b2ee9acfdb1);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 StarWindServiceAE;StarWind AE Service;j:\alcohol 120\starwind\starwindserviceae.exe --> j:\alcohol 120\starwind\StarWindServiceAE.exe [?]
S3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [2009-3-6 82432]
S3 FontCache;Windows skriftbuffertjeneste;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-17 21504]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJAsioK.sys [2009-3-6 132096]
S3 HDJMidi;Hercules DJ Console Mk2 MIDI;c:\windows\system32\drivers\HDJMidi.sys [2009-3-6 96768]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-19 38224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2010-7-23 307544]
S4 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-6-28 633424]
S4 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-6-28 970320]

=============== Created Last 30 ================

2010-09-22 19:01:38 20 -c--a-w- c:\users\hichael\defogger_reenable
2010-09-20 20:07:49 0 d-----w- c:\programdata\bdch
2010-09-20 17:48:24 0 d-----w- c:\users\hichael\appdata\roaming\BitDefender
2010-09-20 17:48:06 0 dc----w- c:\program files\BitDefender
2010-09-20 17:43:56 0 d-----w- c:\programdata\BitDefender
2010-09-20 17:43:56 0 d-----w- c:\program files\common files\BitDefender
2010-09-20 17:43:52 327368 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-09-20 17:43:52 253072 ----a-w- c:\windows\system32\drivers\Trufos.sys
2010-09-20 17:21:30 0 ----a-w- c:\windows\system32\?????
2010-09-20 17:08:54 0 dc----w- c:\users\hichael\{4d8bfa4a-b6fd-4243-ba60-d31816b519c0}
2010-09-20 09:56:25 0 d-----w- c:\users\hichael\appdata\roaming\SUPERAntiSpyware.com
2010-09-20 09:56:25 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-19 17:23:41 68880 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-19 17:23:41 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-19 17:23:40 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-19 17:02:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-19 17:02:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-19 16:50:21 882 -c--a-w- c:\windows\RegSDImport.xml
2010-09-19 16:50:21 879 -c--a-w- c:\windows\RegISSImport.xml
2010-09-19 16:50:21 767952 -c--a-w- c:\windows\BDTSupport.dll
2010-09-19 16:50:21 739280 -c--a-w- c:\windows\PCTBDRes.dll
2010-09-19 16:50:21 2074 -c--a-w- c:\windows\UDB.zip
2010-09-19 16:50:21 1865680 -c--a-w- c:\windows\PCTBDCore.dll
2010-09-19 16:50:21 149456 -c--a-w- c:\windows\SGDetectionTool.dll
2010-09-19 16:50:21 131 -c--a-w- c:\windows\IDB.zip
2010-09-19 16:49:09 2129984 ----a-w- c:\windows\system32\drivers\Cat.DB
2010-09-19 16:49:08 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2010-09-19 16:49:08 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2010-09-19 16:49:07 247824 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-19 16:49:07 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-09-19 16:49:05 237632 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-19 16:49:05 159296 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-19 16:49:00 87400 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-09-19 16:49:00 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-09-19 16:48:59 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-19 16:48:59 123968 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-09-19 16:48:42 0 d-----w- c:\users\hichael\appdata\roaming\PC Tools
2010-09-19 16:48:42 0 d-----w- c:\program files\common files\PC Tools
2010-09-19 16:46:49 0 d-----w- c:\programdata\PC Tools
2010-09-16 12:08:21 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-16 12:08:21 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-16 12:07:47 0 dc----w- c:\program files\iPod
2010-09-16 12:07:43 0 dc----w- c:\program files\iTunes
2010-09-16 12:07:43 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-16 12:02:58 0 dc----w- c:\program files\Bonjour
2010-09-15 21:58:07 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 21:58:06 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 21:58:06 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 21:58:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-05 16:29:23 16 ----a-w- c:\windows\system32\asdict.dat
2010-09-05 16:27:26 415 ----a-w- c:\windows\system32\user_gensett.xml
2010-09-05 15:53:00 0 d-----w- c:\users\hichael\appdata\roaming\QuickScan
2010-09-05 15:51:37 194526 ----a-w- c:\programdata\bdinstall.bin
2010-08-26 13:24:02 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-08-26 13:24:02 77824 ----a-w- c:\windows\system32\xvid.ax
2010-08-26 13:24:02 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-08-26 13:24:02 0 dc----w- c:\program files\Xvid

==================== Find3M ====================

2010-09-22 19:27:36 81532 ----a-w- c:\windows\system32\perfc014.dat
2010-09-22 19:27:36 462612 ----a-w- c:\windows\system32\perfh014.dat
2010-09-20 17:49:08 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-20 17:49:08 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-20 17:49:08 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-27 16:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 16:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-17 18:07:55 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-17 01:16:51 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-05-17 14:11:04 174 --sha-w- c:\program files\desktop.ini
2006-11-21 05:12:58 35166 ----a-w- c:\windows\inf\perflib\0414\perfd.dat
2006-11-21 05:12:58 35166 ----a-w- c:\windows\inf\perflib\0414\perfc.dat
2006-11-21 05:12:58 294254 ----a-w- c:\windows\inf\perflib\0414\perfi.dat
2006-11-21 05:12:58 294254 ----a-w- c:\windows\inf\perflib\0414\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:37:04,73 ===============

My GMER log is too big to attach, it seems (1,1 MB).



Edited by hichael, 22 September 2010 - 03:44 PM.
2 topics merged ~Pandy


#3 myrti

  • Malware Study Hall Admin
  • 33,771 posts

Posted 27 September 2010 - 09:15 AM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti



#4 hichael

Posted 01 October 2010 - 12:07 PM

I'm still having problems, and some parts have gotten worse. The main thing I struggle with now is programs freezing when executed, and explorer.exe stops working literally all the time. As a matter of fact, when I was about to download "OTL.exe", Firefox crashed 4 times before I could get it on my computer. In addition to these freezes and crashes, my antivirus (BitDefender) deactivates and will not reactivate when I tell it to do so. It suddenly acts like I have no user created, even though I paid for it. This issue tends to get resolved when I restart my computer 2 times, but when, for example, I return to my computer after school, it has been deactivated all of a sudden. I have never before had these problems. I have also had some spam problems on my mail, if it's

Since I posted the topic I have not tried to use any new virus cleaning programs, only scans using Malwarebytes Anti-Malware, Spyware Doctor and those I already had when I wrote the topic. And still there are no traces whatsoever of any harmful program on my computer according to the scans, but it seems that some files are hidden and password protected, even though I don't have any password protected files.




OTL logfile created on: 01.10.2010 18:31:47 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Hichael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,30 Gb Total Space | 0,90 Gb Free Space | 3,08% Space Free | Partition Type: NTFS
Drive D: | 436,46 Gb Total Space | 221,48 Gb Free Space | 50,75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HICHAEL-PC
Current User Name: Hichael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.10.01 18:29:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Hichael\Desktop\OTL.exe
PRC - [2010.09.20 19:50:49 | 001,405,072 | ---- | M] (BitDefender S.R.L.) -- C:\Programfiler\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2010.09.20 19:50:10 | 001,886,576 | ---- | M] (BitDefender S.R.L.) -- C:\Programfiler\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2010.09.07 08:42:10 | 001,588,184 | ---- | M] (PC Tools) -- D:\PC Tools Security\pctsGui.exe
PRC - [2010.09.02 15:00:30 | 000,751,568 | ---- | M] (Threat Expert Ltd.) -- D:\PC Tools Security\BDT\PCTBDUpdate.exe
PRC - [2010.09.02 15:00:28 | 000,235,472 | ---- | M] (Threat Expert Ltd.) -- D:\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2010.09.02 14:48:16 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- D:\PC Tools Security\BDT\FGuard.exe
PRC - [2010.08.30 08:03:22 | 001,145,816 | ---- | M] (PC Tools) -- D:\PC Tools Security\pctsSvc.exe
PRC - [2010.08.26 11:39:46 | 000,070,928 | ---- | M] (PC Tools) -- D:\PC Tools Security\TFEngine\TFService.exe
PRC - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programfiler\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.08.10 13:59:44 | 000,042,400 | ---- | M] (BitDefender S.R.L.) -- C:\Programfiler\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2010.08.10 13:57:26 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Programfiler\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2010.07.29 10:19:44 | 000,101,640 | ---- | M] (BitDefender) -- C:\Programfiler\BitDefender\BitDefender 2011\downloader.exe
PRC - [2010.05.01 22:24:16 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programfiler\Mozilla Firefox\firefox.exe
PRC - [2010.03.15 13:02:36 | 000,366,840 | ---- | M] (PC Tools) -- D:\PC Tools Security\pctsAuxs.exe
PRC - [2009.10.15 21:58:03 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.09.10 16:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmplayer.exe
PRC - [2009.07.26 17:44:22 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnscfg.exe
PRC - [2007.06.11 16:01:24 | 000,086,016 | ---- | M] (Avid Technology, Inc.) -- C:\Programfiler\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
PRC - [2007.04.02 15:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Programfiler\Creative\Shared Files\CTDevSrv.exe


========== Modules (SafeList) ==========

MOD - [2010.10.01 18:29:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Hichael\Desktop\OTL.exe
MOD - [2010.09.20 19:53:25 | 000,176,128 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programfiler\BitDefender\BitDefender 2011\Active Virus Control\Midas_00067_002\plugin_extra.m32
MOD - [2010.09.20 19:53:25 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programfiler\BitDefender\BitDefender 2011\Active Virus Control\Midas_00067_002\plugin_net.m32
MOD - [2010.09.20 19:53:23 | 000,278,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programfiler\BitDefender\BitDefender 2011\Active Virus Control\Midas_00067_002\plugin_nt.m32
MOD - [2010.09.20 19:53:23 | 000,151,552 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programfiler\BitDefender\BitDefender 2011\Active Virus Control\Midas_00067_002\plugin_base.m32
MOD - [2010.09.20 19:53:22 | 000,667,648 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programfiler\BitDefender\BitDefender 2011\Active Virus Control\Midas_00067_002\plugin_fragments.m32
MOD - [2010.09.20 19:53:22 | 000,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programfiler\BitDefender\BitDefender 2011\Active Virus Control\Midas_00067_002\plugin_registry.m32
MOD - [2010.09.20 19:53:21 | 000,237,504 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programfiler\BitDefender\BitDefender 2011\Active Virus Control\Midas_00067_002\midas32.dll
MOD - [2010.08.26 11:39:46 | 000,406,800 | ---- | M] (PC Tools) -- D:\PC Tools Security\TFEngine\TFWAH.dll
MOD - [2010.08.04 12:19:26 | 000,157,768 | ---- | M] (PC Tools) -- D:\PC Tools Security\smum32.dll
MOD - [2010.08.04 12:19:26 | 000,150,576 | ---- | M] (PC Tools) -- D:\PC Tools Security\PCTGMhk.dll
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- J:\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca5b2ee9acfdb1) Googles oppdateringstjeneste (gupdate1ca5b2ee9acfdb1)
SRV - [2010.09.20 19:50:10 | 001,886,576 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2010.09.02 15:00:28 | 000,235,472 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- D:\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.08.30 08:03:22 | 001,145,816 | ---- | M] (PC Tools) [Auto | Running] -- D:\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010.08.26 11:39:46 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- D:\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.08.10 13:59:44 | 000,042,400 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2010.07.23 09:51:36 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programfiler\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010.07.01 00:32:00 | 003,563,392 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.03.15 13:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- D:\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programfiler\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.11 16:01:24 | 000,086,016 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Programfiler\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2007.04.02 15:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programfiler\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ManyCam.sys -- (ManyCam)
DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\FXDrv32.sys -- (FXDrv32)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.09.20 19:43:55 | 000,067,152 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Programfiler\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2010.09.01 10:13:04 | 000,247,824 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010.08.27 08:26:40 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010.08.26 11:39:46 | 000,068,880 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010.08.26 11:39:46 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010.08.26 11:39:46 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010.08.18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010.07.27 12:50:00 | 000,253,072 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2010.07.16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010.07.16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010.07.09 15:08:14 | 000,327,368 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010.06.28 12:55:42 | 000,970,320 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010.06.28 12:55:36 | 000,633,424 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010.06.18 19:11:40 | 000,126,416 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programfiler\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (Bdftdif)
DRV - [2010.06.18 16:11:44 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Programfiler\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010.05.13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (BDFM)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.07.24 18:44:01 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.24 18:43:59 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-lyddriver (WDM)
DRV - [2009.03.28 00:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.12.09 17:42:02 | 000,082,432 | ---- | M] (© Guillemot R&D, 2008. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2008.12.09 11:48:50 | 000,132,096 | ---- | M] (© Guillemot R&D, 2008. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2008.12.05 18:03:24 | 000,096,768 | ---- | M] (Hercules Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2008.08.15 17:53:21 | 000,079,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV77.sys -- (SSHDRV77)
DRV - [2008.08.03 18:00:04 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.05 16:25:17 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.01.19 07:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007.03.16 04:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006.08.16 10:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MA_CMIDI.SYS -- (MA_CMIDI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Programfiler\gossiper\tbgoss.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programfiler\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\..\URLSearchHook: {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Programfiler\gossiper\tbgoss.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programfiler\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programfiler\free-downloads.net\tbfree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: D:\PC Tools Security\BDT\Firefox\ [2010.09.19 18:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2010.09.20 22:01:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 14:06:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 14:06:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2010.09.20 19:48:26 | 000,000,000 | ---D | M]

[2009.11.19 15:18:49 | 000,000,000 | ---D | M] -- C:\Users\Hichael\AppData\Roaming\mozilla\Extensions
[2010.09.30 22:37:52 | 000,000,000 | ---D | M] -- C:\Users\Hichael\AppData\Roaming\mozilla\Firefox\Profiles\hwf019no.default\extensions
[2008.05.05 17:30:25 | 000,000,000 | ---D | M] (gossiper Toolbar) -- C:\Users\Hichael\AppData\Roaming\mozilla\Firefox\Profiles\hwf019no.default\extensions\{0a452a47-c5a8-4854-a237-4b9b06b376f0}
[2008.07.24 17:26:02 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Hichael\AppData\Roaming\mozilla\Firefox\Profiles\hwf019no.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.07.25 03:03:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hichael\AppData\Roaming\mozilla\Firefox\Profiles\hwf019no.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.26 03:18:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hichael\AppData\Roaming\mozilla\Firefox\Profiles\hwf019no.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.07.25 03:13:17 | 000,000,682 | ---- | M] () -- C:\Users\Hichael\AppData\Roaming\Mozilla\FireFox\Profiles\hwf019no.default\searchplugins\ask.xml
[2008.04.19 17:08:02 | 000,002,921 | ---- | M] () -- C:\Users\Hichael\AppData\Roaming\Mozilla\FireFox\Profiles\hwf019no.default\searchplugins\daemon-search.xml
[2009.04.04 20:11:15 | 000,001,843 | ---- | M] () -- C:\Users\Hichael\AppData\Roaming\Mozilla\FireFox\Profiles\hwf019no.default\searchplugins\LiveSearch.xml
[2009.09.07 13:52:34 | 000,009,941 | ---- | M] () -- C:\Users\Hichael\AppData\Roaming\Mozilla\FireFox\Profiles\hwf019no.default\searchplugins\mywebsearch.xml
[2010.09.19 18:56:22 | 000,002,698 | ---- | M] () -- C:\Users\Hichael\AppData\Roaming\Mozilla\FireFox\Profiles\hwf019no.default\searchplugins\search-defender.xml
[2010.07.19 22:38:33 | 000,001,201 | ---- | M] () -- C:\Users\Hichael\AppData\Roaming\Mozilla\FireFox\Profiles\hwf019no.default\searchplugins\winamp-search.xml
[2010.09.05 18:29:27 | 000,000,000 | ---D | M] -- C:\Programfiler\Mozilla Firefox\extensions
[2010.07.17 20:08:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 20:07:58 | 000,423,656 | ---- | M] (Oracle) -- C:\Programfiler\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.09.12 08:21:03 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programfiler\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.05.01 22:24:20 | 000,001,525 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.05.01 22:24:20 | 000,000,955 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\bok-NO.xml
[2010.05.01 22:24:20 | 000,000,968 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\qxl-NO.xml
[2010.05.01 22:24:20 | 000,001,203 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\telefonkatalogen-NO.xml
[2010.05.01 22:24:20 | 000,001,176 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\wikipedia-NO.xml
[2010.05.01 22:24:20 | 000,000,888 | ---- | M] () -- C:\Programfiler\Mozilla Firefox\searchplugins\yahoo-NO.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programfiler\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programfiler\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Påloggingshjelp for Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programfiler\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (gossiper Toolbar) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Programfiler\gossiper\tbgoss.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Programfiler\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programfiler\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\..\Toolbar\WebBrowser: (gossiper Toolbar) - {0A452A47-C5A8-4854-A237-4B9B06B376F0} - C:\Programfiler\gossiper\tbgoss.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - D:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programfiler\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Programfiler\free-downloads.net\tbfree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Gainward] C:\Windows\TBPanel.exe (Gainward Co.)
O4 - HKLM..\Run: [ISTray] D:\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCTools FGuard] D:\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1753206580-1660478298-384942841-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1753206580-1660478298-384942841-1000..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1753206580-1660478298-384942841-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programfiler\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 192.168.10.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programfiler\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hichael\AppData\Roaming\Microsoft\Windows Photo Gallery\Bakgrunn for Windows Fotogalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hichael\AppData\Roaming\Microsoft\Windows Photo Gallery\Bakgrunn for Windows Fotogalleri.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.05 01:03:57 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: WindowsWelcomeCenter - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programfiler\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9BB89DE4-8A0F-4194-B64B-22FB00479AE3} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: midi2 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010.10.01 18:29:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Hichael\Desktop\OTL.exe
[2010.09.22 22:22:31 | 000,000,000 | ---D | C] -- C:\Users\Hichael\CD95F661A5C444F5A6AAECDD91C240BD.TMP
[2010.09.20 22:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2010.09.20 19:49:26 | 000,000,000 | ---D | C] -- C:\Users\Hichael\AppData\Local\Threat Expert
[2010.09.20 19:48:24 | 000,000,000 | ---D | C] -- C:\Users\Hichael\AppData\Roaming\BitDefender
[2010.09.20 19:48:06 | 000,000,000 | ---D | C] -- C:\Programfiler\BitDefender
[2010.09.20 19:43:56 | 000,000,000 | ---D | C] -- C:\Programfiler\Common Files\BitDefender
[2010.09.20 19:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010.09.20 19:43:52 | 000,327,368 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdfsfltr.sys
[2010.09.20 19:43:52 | 000,253,072 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys
[2010.09.20 19:08:54 | 000,000,000 | ---D | C] -- C:\Users\Hichael\{4d8bfa4a-b6fd-4243-ba60-d31816b519c0}
[2010.09.20 11:56:25 | 000,000,000 | ---D | C] -- C:\Users\Hichael\AppData\Roaming\SUPERAntiSpyware.com
[2010.09.20 11:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.09.19 19:23:41 | 000,068,880 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2010.09.19 19:23:41 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2010.09.19 19:23:40 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2010.09.19 19:02:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.19 19:02:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.19 18:50:21 | 001,865,680 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.09.19 18:50:21 | 000,739,280 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.09.19 18:50:21 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.09.19 18:49:08 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010.09.19 18:49:08 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010.09.19 18:49:07 | 000,247,824 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.09.19 18:49:07 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.09.19 18:49:05 | 000,237,632 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.09.19 18:49:05 | 000,159,296 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.09.19 18:49:00 | 000,087,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010.09.19 18:49:00 | 000,031,960 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2010.09.19 18:48:59 | 000,123,968 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2010.09.19 18:48:59 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.09.19 18:48:42 | 000,000,000 | ---D | C] -- C:\Users\Hichael\AppData\Roaming\PC Tools
[2010.09.19 18:48:42 | 000,000,000 | ---D | C] -- C:\Programfiler\Common Files\PC Tools
[2010.09.19 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.09.16 14:08:21 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.09.16 14:07:47 | 000,000,000 | ---D | C] -- C:\Programfiler\iPod
[2010.09.16 14:07:43 | 000,000,000 | ---D | C] -- C:\Programfiler\iTunes
[2010.09.16 14:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.09.16 14:06:04 | 000,000,000 | ---D | C] -- C:\Programfiler\QuickTime
[2010.09.16 14:02:58 | 000,000,000 | ---D | C] -- C:\Programfiler\Bonjour
[2010.09.15 23:58:07 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.05 17:53:00 | 000,000,000 | ---D | C] -- C:\Users\Hichael\AppData\Roaming\QuickScan
[3 C:\Users\Hichael\Documents\*.tmp files -> C:\Users\Hichael\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Hichael\Desktop\*.tmp files -> C:\Users\Hichael\Desktop\*.tmp -> ]
[1 C:\Users\Hichael\*.tmp files -> C:\Users\Hichael\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.01 18:37:44 | 004,718,592 | ---- | M] () -- C:\Users\Hichael\NTUSER.DAT
[2010.10.01 18:29:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Hichael\Desktop\OTL.exe
[2010.10.01 18:21:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.01 18:21:02 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.01 18:21:02 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.01 18:20:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.01 02:00:56 | 000,524,288 | -HS- | M] () -- C:\Users\Hichael\NTUSER.DAT{f38405f1-c733-11de-b3a5-001c2568b7b7}.TMContainer00000000000000000001.regtrans-ms
[2010.10.01 02:00:56 | 000,065,536 | -HS- | M] () -- C:\Users\Hichael\NTUSER.DAT{f38405f1-c733-11de-b3a5-001c2568b7b7}.TM.blf
[2010.09.30 23:22:49 | 000,194,881 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2010.09.29 19:00:15 | 002,135,364 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2010.09.27 21:22:03 | 001,277,810 | ---- | M] () -- C:\Users\Hichael\Documents\Dejan Pocuc & Hichael Mareno - Autumn Sun Project.rns
[2010.09.26 23:37:11 | 000,143,595 | ---- | M] () -- C:\Users\Hichael\Desktop\IMG_1156.3gp
[2010.09.26 15:54:02 | 000,883,778 | ---- | M] () -- C:\Users\Hichael\Documents\Hichael Mareno New proghouse.rns
[2010.09.23 14:10:17 | 001,239,486 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.23 14:10:17 | 000,597,924 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.23 14:10:17 | 000,462,612 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2010.09.23 14:10:17 | 000,105,956 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.23 14:10:17 | 000,081,532 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2010.09.22 21:01:53 | 000,000,020 | ---- | M] () -- C:\Users\Hichael\defogger_reenable
[2010.09.22 19:40:40 | 000,002,692 | ---- | M] () -- C:\ProgramData\search_result.xml
[2010.09.20 19:48:28 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Internet Security 2011.lnk
[2010.09.19 19:02:18 | 000,000,517 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.19 18:49:05 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.09.19 18:46:45 | 000,507,360 | ---- | M] () -- C:\Users\Hichael\Desktop\sdsetup.exe
[2010.09.19 16:47:19 | 001,531,220 | ---- | M] () -- C:\Users\Hichael\Documents\Hichael Mareno - Morning Tea (Original Mix).rns
[2010.09.16 14:08:23 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.16 14:06:19 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.15 19:01:02 | 000,007,700 | ---- | M] () -- C:\Users\Hichael\AppData\Local\d3d9caps.dat
[2010.09.13 00:34:58 | 000,051,200 | ---- | M] () -- C:\Users\Hichael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.12 23:04:05 | 000,002,231 | ---- | M] () -- C:\Users\Hichael\Desktop\iTunes.lnk
[2010.09.10 01:17:14 | 001,990,738 | ---- | M] () -- C:\Users\Hichael\Desktop\Eksmatte.rar
[2010.09.09 19:21:13 | 001,262,357 | ---- | M] () -- C:\Users\Hichael\Documents\Dejan Pocuc & Hichael Mareno - Autumn Sun Project.rar
[2010.09.09 15:11:40 | 000,944,908 | ---- | M] () -- C:\Users\Hichael\Documents\Those Who Made It.rns
[2010.09.08 20:47:28 | 001,262,180 | ---- | M] () -- C:\Users\Hichael\Documents\Dejan Pocuc Pack osv.rns
[2010.09.05 18:29:23 | 000,000,016 | ---- | M] () -- C:\Windows\System32\asdict.dat
[2010.09.05 18:27:26 | 000,000,415 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2010.09.03 15:36:02 | 000,002,339 | ---- | M] () -- C:\Users\Hichael\Desktop\Windows Movie Maker 2.6.lnk
[2010.09.03 11:28:54 | 000,087,400 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010.09.02 15:00:30 | 000,739,280 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.09.02 15:00:28 | 001,865,680 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[3 C:\Users\Hichael\Documents\*.tmp files -> C:\Users\Hichael\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Hichael\Desktop\*.tmp files -> C:\Users\Hichael\Desktop\*.tmp -> ]
[1 C:\Users\Hichael\*.tmp files -> C:\Users\Hichael\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.26 23:36:20 | 000,143,595 | ---- | C] () -- C:\Users\Hichael\Desktop\IMG_1156.3gp
[2010.09.22 21:01:38 | 000,000,020 | ---- | C] () -- C:\Users\Hichael\defogger_reenable
[2010.09.22 19:40:39 | 000,002,692 | ---- | C] () -- C:\ProgramData\search_result.xml
[2010.09.20 19:48:28 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Internet Security 2011.lnk
[2010.09.19 19:02:18 | 000,000,517 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.19 18:50:21 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.09.19 18:50:21 | 000,002,074 | ---- | C] () -- C:\Windows\UDB.zip
[2010.09.19 18:50:21 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.09.19 18:50:21 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.09.19 18:50:21 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.09.19 18:49:09 | 002,135,364 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2010.09.19 18:49:05 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.09.19 18:46:49 | 000,507,360 | ---- | C] () -- C:\Users\Hichael\Desktop\sdsetup.exe
[2010.09.16 14:08:23 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.09.16 14:06:19 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.13 01:13:59 | 001,531,220 | ---- | C] () -- C:\Users\Hichael\Documents\Hichael Mareno - Morning Tea (Original Mix).rns
[2010.09.13 01:02:36 | 000,883,778 | ---- | C] () -- C:\Users\Hichael\Documents\Hichael Mareno New proghouse.rns
[2010.09.10 01:14:44 | 001,990,738 | ---- | C] () -- C:\Users\Hichael\Desktop\Eksmatte.rar
[2010.09.09 19:21:13 | 001,262,357 | ---- | C] () -- C:\Users\Hichael\Documents\Dejan Pocuc & Hichael Mareno - Autumn Sun Project.rar
[2010.09.09 19:17:57 | 001,277,810 | ---- | C] () -- C:\Users\Hichael\Documents\Dejan Pocuc & Hichael Mareno - Autumn Sun Project.rns
[2010.09.07 23:34:10 | 001,262,180 | ---- | C] () -- C:\Users\Hichael\Documents\Dejan Pocuc Pack osv.rns
[2010.09.07 19:23:39 | 000,944,908 | ---- | C] () -- C:\Users\Hichael\Documents\Those Who Made It.rns
[2010.09.05 18:29:23 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2010.09.05 18:27:26 | 000,000,415 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2010.09.05 17:51:37 | 000,194,881 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010.08.26 15:24:02 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.08.26 15:24:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.04.25 13:42:32 | 011,194,368 | ---- | C] () -- C:\Windows\System32\ZHHP_RES.DLL
[2010.04.25 13:42:32 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGISSI.DLL
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.12 20:21:50 | 000,010,509 | ---- | C] () -- C:\Users\Hichael\AppData\Roaming\UserTile.png
[2010.02.06 22:17:02 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.12.01 16:21:25 | 000,000,000 | ---- | C] () -- C:\Users\Hichael\AppData\Local\prvlcl.dat
[2009.10.07 07:35:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 12:04:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.24 18:44:01 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.24 18:43:59 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.05.20 17:14:30 | 000,000,552 | ---- | C] () -- C:\Users\Hichael\AppData\Local\d3d8caps.dat
[2009.04.03 19:32:15 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2008.10.29 18:04:27 | 000,000,604 | ---- | C] () -- C:\Windows\Sof2.INI
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.15 17:53:21 | 000,079,360 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV77.sys
[2008.04.07 15:24:59 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.04.07 15:24:59 | 000,022,328 | ---- | C] () -- C:\Users\Hichael\AppData\Roaming\PnkBstrK.sys
[2008.04.05 19:34:59 | 000,051,200 | ---- | C] () -- C:\Users\Hichael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.05 12:38:52 | 000,000,095 | ---- | C] () -- C:\Users\Hichael\AppData\Local\fusioncache.dat
[2008.04.05 12:12:02 | 000,000,559 | ---- | C] () -- C:\Windows\DFC.INI
[2008.04.05 00:55:41 | 000,032,768 | ---- | C] () -- C:\Windows\TBPanelExt.dll
[2008.04.05 00:55:41 | 000,012,285 | ---- | C] () -- C:\Windows\Cadx3.ini
[2008.04.05 00:55:41 | 000,006,942 | ---- | C] () -- C:\Windows\cadx2.ini
[2008.04.05 00:55:41 | 000,005,120 | ---- | C] () -- C:\Windows\TBManage.dll
[2008.04.05 00:53:00 | 000,007,700 | ---- | C] () -- C:\Users\Hichael\AppData\Local\d3d9caps.dat
[2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.19 20:05:18 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.04.05 17:02:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.04.05 17:02:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.04.05 17:02:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2010.07.23 09:55:26 | 000,008,376 | ---- | M] () MD5=392109B19236D1787BE7E8C848DE82C3 -- C:\Programfiler\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll

< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.09.25 03:30:23 | 000,190,464 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\d3d10core.dll
[2009.04.11 08:28:23 | 000,286,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rasapi32.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\Windows\System32\drivers\bdfm.sys
[2010.07.09 15:08:14 | 000,327,368 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\System32\drivers\bdfsfltr.sys

< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010.07.09 15:08:14 | 000,327,368 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\bdfsfltr.sys
[2010.09.01 11:21:04 | 000,159,296 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.08.18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.07.16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010.07.16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010.09.01 10:13:04 | 000,247,824 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.08.10 16:58:50 | 000,031,960 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2010.09.03 11:28:54 | 000,087,400 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010.08.27 08:26:40 | 000,123,968 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2010.08.27 08:26:40 | 000,070,536 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.08.28 11:28:48 | 000,102,184 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.08.26 11:39:46 | 000,051,984 | --S- | M] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2010.08.26 11:39:46 | 000,033,552 | --S- | M] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2010.08.26 11:39:46 | 000,068,880 | --S- | M] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2010.07.27 12:50:00 | 000,253,072 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys

========== Files - Unicode (All) ==========
[2010.09.20 19:25:16 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2010.09.20 19:21:30 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2010.04.06 15:48:09 | 000,102,456 | ---- | M] ()(C:\Users\Hichael\He?rik_06_04_2010@15_48_04.wav) -- C:\Users\Hichael\Heηrik_06_04_2010@15_48_04.wav
[2010.03.13 20:19:46 | 000,099,256 | ---- | M] ()(C:\Users\Hichael\He?rik_13_03_2010@19_15_04.wav) -- C:\Users\Hichael\Heηrik_13_03_2010@19_15_04.wav
[2009.11.20 14:23:35 | 000,112,056 | ---- | M] ()(C:\Users\Hichael\He?rik_20_11_2009@13_21_06.wav) -- C:\Users\Hichael\Heηrik_20_11_2009@13_21_06.wav
[2009.11.20 14:20:48 | 000,076,856 | ---- | M] ()(C:\Users\Hichael\He?rik_20_11_2009@13_20_30.wav) -- C:\Users\Hichael\Heηrik_20_11_2009@13_20_30.wav

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 76 bytes -> C:\Users\Hichael\DSC_0526.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Hichael\2009_Hichael_1.JPG:Roxio EMC Stream
@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 10 bytes -> C:\Users\Hichael\Desktop\sdsetup.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Users\Hichael\Desktop\OTL.exe:BDU
< End of report >


OTL Extras logfile created on: 01.10.2010 18:31:47 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Hichael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29,30 Gb Total Space | 0,90 Gb Free Space | 3,08% Space Free | Partition Type: NTFS
Drive D: | 436,46 Gb Total Space | 221,48 Gb Free Space | 50,75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HICHAEL-PC
Current User Name: Hichael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1753206580-1660478298-384942841-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C66FB19-813E-4FDD-96D7-2EC23B52CCCB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{41B93374-47C7-46AB-92D6-1BF0DBA7135E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{851883A0-1998-44E0-A836-C0976CC7D343}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073DDF72-8022-4529-9F96-1D11F790F9F0}" = protocol=6 | dir=in | app=d:\nvn2\nwn2main.exe |
"{08A9FA71-B43E-467E-A928-B1E72E4EFAE4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0ACB3408-99B2-460A-940C-6751FDB593F5}" = protocol=17 | dir=in | app=d:\spill\aoe3\age3x.exe |
"{0CB2FCC0-A344-47F2-905E-685979BF2F6C}" = protocol=17 | dir=in | app=d:\spill\aoe3\age3y.exe |
"{0FCFC621-41A0-4E40-9E39-60978DB0C3CA}" = protocol=17 | dir=in | app=d:\nvn2\nwn2main_amdxp.exe |
"{13BAFA1E-942D-4D97-95F7-1FAB13CE2D94}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13F74DA1-F26C-4A58-9D29-F380C65437B2}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{157606DD-A259-459F-B12E-BCC355CF7A5E}" = protocol=6 | dir=in | app=d:\spill\aoe3\age3x.exe |
"{1AB850DC-A703-42C8-A995-3428A42F5F57}" = protocol=17 | dir=in | app=d:\spill\sacred\system\sacred2.exe |
"{1D93DF5D-4F84-4799-BFB7-942388EC6EA5}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{33D7F2ED-30CC-44DD-93AE-E31303E9F01C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{34DE9AA4-6945-4CD0-9B6A-34A6E147D4D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{38C7892C-0D8A-4973-8E11-4B7CD1BFFC51}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3962FDE2-6D01-494D-B70C-9F603380AB8F}" = protocol=17 | dir=in | app=d:\spill\dao\bin_ship\daocharactercreator.exe |
"{3CF6E2A5-1004-4C0D-99A6-376C52713D7D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4228CADF-5995-45E5-8734-1CF4960CAAF3}" = protocol=6 | dir=in | app=d:\spill\wic\wic_online.exe |
"{44602E44-DBF0-4F54-8785-B461F312220D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C165C0E-0A79-479B-8CD1-100C4CF13044}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{58D309F7-CB3B-4E4E-9EF7-E81B7346340A}" = protocol=6 | dir=in | app=d:\spill\wic\wic_ds.exe |
"{5BF3F2BF-B744-4D71-BFF8-BAF25C81EAB0}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{5D6B4892-BA9C-4C9D-9A7D-325F8CCBD749}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{5F65C6AA-B99A-405B-A803-60D73783184A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6107B080-D8BA-43F8-A767-F954533C2F33}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{61CD5F28-DC6D-42FD-8F77-0AE2BFE4E755}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{64F0E2AB-8BA7-4EEE-BBC3-332FA0CD2F19}" = protocol=17 | dir=in | app=d:\spill\wic\wic_online.exe |
"{6993F31C-E5A0-4AF5-850B-1216D705B6C3}" = protocol=6 | dir=in | app=d:\spill\crysis\bin32\crysis.exe |
"{72E4E3D2-AE18-434A-B948-E4A9E8661D7B}" = protocol=17 | dir=in | app=d:\nvn2\nwn2server.exe |
"{73471237-A174-43BC-BDFF-0F813C081FA6}" = protocol=6 | dir=in | app=d:\spill\dao\daoriginslauncher.exe |
"{73C2EBE3-DBA7-45FC-B402-249135EC6072}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7DC7A65C-B26A-4EE2-8DD5-D8D7037A120F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{7F1CBA1D-C6FD-47E0-AE20-ECFD45A08CAA}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7F90BE62-5A24-4C5D-AF11-0F6F86AA5533}" = protocol=17 | dir=in | app=d:\nvn2\nwupdate.exe |
"{8145298C-216D-4358-8B7C-E2793919ADA5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8739DCB8-BCA2-46BE-8D59-A0BF6C673DF3}" = protocol=6 | dir=in | app=d:\spill\sacred\system\sacred2.exe |
"{87D277D9-E231-485D-956D-EE3AEB55BB21}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F6ECC44-EE9C-4471-BAB1-4A89A33DD087}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{92DE49CA-5B8B-44E8-BF46-28B841EAB59F}" = protocol=17 | dir=in | app=d:\spill\crysis\bin32\crysisdedicatedserver.exe |
"{96C31F22-FAA5-4CEC-8F58-C076B804D157}" = protocol=17 | dir=in | app=d:\spill\wic\wic_ds.exe |
"{9A8F8924-1941-47F3-84B7-DC158A27AA31}" = protocol=17 | dir=in | app=d:\spill\sacred\system\s2gs.exe |
"{9C55D539-A83B-4A91-B9CF-F9596013D4EB}" = protocol=6 | dir=in | app=d:\nvn2\nwn2main_amdxp.exe |
"{9E6217BE-0CEC-4050-BE91-0375CB7FA8BD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{9FA0632F-F7F2-42FF-94A2-021E3C821648}" = protocol=6 | dir=in | app=d:\spill\dao\bin_ship\daocharactercreator.exe |
"{AA66FE99-1B86-4D95-885B-70C40267F484}" = protocol=6 | dir=in | app=d:\spill\crysis\bin32\crysisdedicatedserver.exe |
"{ACBC3C98-9C06-4FE7-BEFD-A2100763B3CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B285201F-09AF-40E8-8A13-8D35A6CC6BF4}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B3CE4452-F4C1-44DE-B619-006634965218}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{BBCEB610-D414-40AC-84CC-064831EE24E2}" = protocol=17 | dir=in | app=d:\spill\dao\daoriginslauncher.exe |
"{BBDC34B2-5BB2-42AB-B7F1-5C15D79D7710}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C14CE6B8-A979-4139-8234-36E50B521DBE}" = protocol=6 | dir=in | app=d:\spill\sacred\system\s2gs.exe |
"{C2FB178F-F6CA-4556-95BA-66E152F1FC68}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C6193526-7556-49F4-90C6-35F7D33F30B3}" = protocol=17 | dir=in | app=d:\spill\crysis\bin32\crysis.exe |
"{CDB7AEA7-B5E2-4C84-8021-1626C804D8A6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{D3443BC1-857E-4C5D-855B-BEC07960A036}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{D4973999-FEE5-4DB6-995D-A61ED69D9398}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{D9552882-02D0-4DB5-B0E3-66D47F7EC6A9}" = protocol=6 | dir=in | app=d:\nvn2\nwn2server.exe |
"{D96CFB70-4215-40E5-9D98-25A81CC37826}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DC120192-E879-4595-8910-533D38C97514}" = protocol=6 | dir=in | app=d:\spill\aoe3\age3y.exe |
"{E243B561-B7B0-4893-8207-EACC6BB981D0}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{E2A41D5B-41D6-454B-B4F6-20529434CC6F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E42DE26D-3CC3-46C7-97B9-CB17CEC654B6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E5358967-30AC-4205-970C-8D74F04D7C87}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F0C322EE-07C1-4600-92D9-A36BDE1F9D0D}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F3720208-E536-4099-93AD-4A8448B2EED0}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{F4267DC2-8CAE-40A9-9F1E-56868DF45AD3}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{F86FECB7-171C-4058-9AD7-552566FE4E10}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F8EDCB73-65CA-4297-9A62-D605CCE8F453}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F9A688D1-EBB8-4BB7-AFF8-03C0DFBDB3AC}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{F9F98F24-1CA0-4389-88DB-CDB1DB729171}" = protocol=17 | dir=in | app=d:\nvn2\nwn2main.exe |
"{FC01794C-A201-4DDB-AAB9-4EB628ADFB05}" = protocol=6 | dir=in | app=d:\nvn2\nwupdate.exe |
"TCP Query User{0844479F-9023-4FD2-8BA6-5D1F6633F299}D:\spill\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=d:\spill\station\launchpad\launchpad.exe |
"TCP Query User{0F51A68C-1373-4453-A2A9-18AE8DD6C079}D:\spill\heroes of might and magic iii complete\heroes3.exe" = protocol=6 | dir=in | app=d:\spill\heroes of might and magic iii complete\heroes3.exe |
"TCP Query User{16B7B612-7D8C-431C-8D93-79C25AC1581F}C:\users\hichael\desktop\aoc-eu-earlyaccess.exe" = protocol=6 | dir=in | app=c:\users\hichael\desktop\aoc-eu-earlyaccess.exe |
"TCP Query User{3844A835-E003-409A-9C89-269CCB6A7CD6}C:\program files\virtualdj\virtualdj.exe" = protocol=6 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"TCP Query User{3E858DB8-A16B-4CFB-BAA7-828B23C0E0C3}D:\spill\ra3\data\ra3_1.9.game" = protocol=6 | dir=in | app=d:\spill\ra3\data\ra3_1.9.game |
"TCP Query User{43B26566-8CE7-4611-B673-B3BC4FFC5E9E}D:\spill\ddo\dndclient.exe" = protocol=6 | dir=in | app=d:\spill\ddo\dndclient.exe |
"TCP Query User{598C32F7-BBA7-45C0-B0F8-26078AC3D4E5}C:\users\hichael\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\hichael\appdata\local\temp\electronicarts_patcher_000.exe |
"TCP Query User{5F68FFD0-CE13-468F-A0A1-6C105995A4B3}K:\sierra\wic\wic.exe" = protocol=6 | dir=in | app=k:\sierra\wic\wic.exe |
"TCP Query User{649080AD-15E6-4B55-B910-92FA7DFDD0A3}D:\spill\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=d:\spill\the lord of the rings online\lotroclient.exe |
"TCP Query User{69A173E7-6D6D-419E-B48C-7DE989C414D5}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{69C89EE6-42C6-44D3-A676-19B7601996B8}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{711DE2DB-FBC6-4CA7-9D98-AB7E109A99F1}D:\spill\station\launchpad\_aunchpad.exe" = protocol=6 | dir=in | app=d:\spill\station\launchpad\_aunchpad.exe |
"TCP Query User{7D9C6E70-AEE0-4882-99FB-C63883D6E9C6}D:\spill\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spill\warcraft iii\war3.exe |
"TCP Query User{8E179363-CA23-4EED-A432-23E0F4D99544}D:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii\war3.exe |
"TCP Query User{955EFAE3-2AA1-43B7-ABCA-BAFFCEC5635C}D:\spill\ra3\data\ra3_1.7.game" = protocol=6 | dir=in | app=d:\spill\ra3\data\ra3_1.7.game |
"TCP Query User{9C2FD0A6-F466-4491-A8B9-32D95C02AEC8}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"TCP Query User{A1BD4F56-E57E-4BD1-86D9-1129C94EB543}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{A8D4869A-5F8A-4A6E-9699-29B77BB46371}D:\spill\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\spill\world of warcraft\launcher.exe |
"TCP Query User{B52553D3-DB86-4D54-B8DD-9FFB47BCE09E}D:\spill\ra3\data\ra3_1.3.game" = protocol=6 | dir=in | app=d:\spill\ra3\data\ra3_1.3.game |
"TCP Query User{B8DD5FB5-4E4C-452E-B089-5A735A94E931}C:\program files\guillemot\tools\giwebupdater.exe" = protocol=6 | dir=in | app=c:\program files\guillemot\tools\giwebupdater.exe |
"TCP Query User{BA2530C8-39D2-4BD8-98E7-4DB57864FB53}C:\users\hichael\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\hichael\program files\dna\btdna.exe |
"TCP Query User{BA2DD815-C47A-49FF-904E-743446AC62E7}D:\spill\ra3\data\ra3_1.6.game" = protocol=6 | dir=in | app=d:\spill\ra3\data\ra3_1.6.game |
"TCP Query User{C5D65CFF-9CB4-49B7-8C3B-9361FFFAB64D}D:\spill\ra3\data\ra3_1.2.game" = protocol=6 | dir=in | app=d:\spill\ra3\data\ra3_1.2.game |
"TCP Query User{D28B2F03-8E5C-47A8-A89A-755BE0B637FA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D6FF9D67-450E-4EA5-80A4-1FDA13F52C76}D:\spill\sacred\sacred.exe" = protocol=6 | dir=in | app=d:\spill\sacred\sacred.exe |
"TCP Query User{E24269A7-6F6A-457C-BC1B-498C279179EF}D:\program files\soldier of fortune ii - double helix\sof2mp.exe" = protocol=6 | dir=in | app=d:\program files\soldier of fortune ii - double helix\sof2mp.exe |
"TCP Query User{F4135862-07E2-4E46-A3E1-4238938505D5}D:\spill\ra3\data\ra3_1.12.game" = protocol=6 | dir=in | app=d:\spill\ra3\data\ra3_1.12.game |
"TCP Query User{FB406E1F-DED8-402A-A56E-A4F77B7B8C13}D:\spill\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spill\warcraft iii\war3.exe |
"UDP Query User{0A75FA3C-552B-450B-BE3A-F1CF97685861}D:\spill\ra3\data\ra3_1.9.game" = protocol=17 | dir=in | app=d:\spill\ra3\data\ra3_1.9.game |
"UDP Query User{15FFB78B-1E0D-4874-B050-2972EE71A9D3}D:\spill\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\spill\world of warcraft\launcher.exe |
"UDP Query User{178FB656-679E-4206-958B-DECD8C9B0DD4}D:\spill\heroes of might and magic iii complete\heroes3.exe" = protocol=17 | dir=in | app=d:\spill\heroes of might and magic iii complete\heroes3.exe |
"UDP Query User{1992C671-B86F-4B9B-9211-D0C049C3E289}D:\program files\soldier of fortune ii - double helix\sof2mp.exe" = protocol=17 | dir=in | app=d:\program files\soldier of fortune ii - double helix\sof2mp.exe |
"UDP Query User{219C967E-A969-4827-B7EE-14930DB26713}D:\spill\ra3\data\ra3_1.7.game" = protocol=17 | dir=in | app=d:\spill\ra3\data\ra3_1.7.game |
"UDP Query User{286411D2-389B-4F4D-8F8F-E3586BE45082}D:\spill\ddo\dndclient.exe" = protocol=17 | dir=in | app=d:\spill\ddo\dndclient.exe |
"UDP Query User{375782CE-D911-42CE-B59B-CF0C14B44A38}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{45B3E1C1-3DB2-4276-8F5C-A329F586B43D}D:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii\war3.exe |
"UDP Query User{47A7DC58-06CF-4D0F-B387-959EF3D4BB77}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{4881DEB5-A4F0-46BB-BD2E-A3CC0C1B35C8}D:\spill\sacred\sacred.exe" = protocol=17 | dir=in | app=d:\spill\sacred\sacred.exe |
"UDP Query User{52876510-542B-455C-9B6F-219690E305AA}D:\spill\ra3\data\ra3_1.2.game" = protocol=17 | dir=in | app=d:\spill\ra3\data\ra3_1.2.game |
"UDP Query User{56E205E4-F880-49E5-9701-1BB8EE95985C}D:\spill\station\launchpad\_aunchpad.exe" = protocol=17 | dir=in | app=d:\spill\station\launchpad\_aunchpad.exe |
"UDP Query User{5C52A1EA-EE4F-4C82-9991-47F13D047884}D:\spill\ra3\data\ra3_1.12.game" = protocol=17 | dir=in | app=d:\spill\ra3\data\ra3_1.12.game |
"UDP Query User{661DBEF5-2170-46C6-8C01-33908457E859}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{68C1DFCD-4990-4202-AD64-55FE9314D38F}C:\program files\guillemot\tools\giwebupdater.exe" = protocol=17 | dir=in | app=c:\program files\guillemot\tools\giwebupdater.exe |
"UDP Query User{6A13ED16-F7DD-459D-9104-4F17940B3034}C:\program files\virtualdj\virtualdj.exe" = protocol=17 | dir=in | app=c:\program files\virtualdj\virtualdj.exe |
"UDP Query User{6CEB23CD-11D4-43AB-8978-C36BC9E9DFF0}D:\spill\ra3\data\ra3_1.6.game" = protocol=17 | dir=in | app=d:\spill\ra3\data\ra3_1.6.game |
"UDP Query User{725AF093-5E7D-4CA0-BF9A-6ACD00FCBD14}D:\spill\ra3\data\ra3_1.3.game" = protocol=17 | dir=in | app=d:\spill\ra3\data\ra3_1.3.game |
"UDP Query User{812FF868-372D-4268-B6BF-2A3DF3344A76}D:\spill\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=d:\spill\station\launchpad\launchpad.exe |
"UDP Query User{9012D8CA-D84F-4DB7-B657-B17C10B1F61D}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe |
"UDP Query User{93AC5DD7-FD70-4154-B581-08E1A02B7BFC}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{B83C60E3-5F6E-47B2-B3A0-932BC9372C0E}C:\users\hichael\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\hichael\appdata\local\temp\electronicarts_patcher_000.exe |
"UDP Query User{C4A0B211-7793-4E0B-9211-D36F5C89C816}D:\spill\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spill\warcraft iii\war3.exe |
"UDP Query User{C83D3545-0A6B-4408-A605-ED434443369A}D:\spill\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=d:\spill\the lord of the rings online\lotroclient.exe |
"UDP Query User{CEB92D25-EBEC-4D7A-B773-04668FA0A517}K:\sierra\wic\wic.exe" = protocol=17 | dir=in | app=k:\sierra\wic\wic.exe |
"UDP Query User{D6453297-4596-4BB8-AE2E-F308BC4DDCF5}C:\users\hichael\desktop\aoc-eu-earlyaccess.exe" = protocol=17 | dir=in | app=c:\users\hichael\desktop\aoc-eu-earlyaccess.exe |
"UDP Query User{F38A2DAF-F34A-4D49-B0B7-E667FF486A02}C:\users\hichael\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\hichael\program files\dna\btdna.exe |
"UDP Query User{FB3A6025-D270-45C3-96E9-98CE1C341A6E}D:\spill\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spill\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0DFC4415-8E8F-4ADB-8A0B-2F314A8FD14D}" = Windows Live Messenger
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Opplastingsverktøy for Windows Live
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2ADD2892-255C-34C2-AE90-5EF603273DFF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nor
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{48EB9208-593D-4DC7-B613-9C5A210D87BA}" = Sony Sound Forge 8.0b
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3B0503-7DF4-4BE7-BC75-F6B02AC78C06}" = Windows Live Essentials
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80FED25F-6F99-4BC4-AA83-7964CFAFDB53}" = Clue 7.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1044-7B44-A93000000001}" = Adobe Reader 9.3.1 - Norsk
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4A3B14A-1C4B-47B9-A5B5-BF429237D568}" = muveeNow 2.1
"{B965A150-17AB-4EB1-AD98-33149DDBD928}" = Påloggingsassistent for Windows Live
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFB8BDCE-8814-4B9A-8EA9-31DB74FEF0AE}" = BitDefender Internet Security 2011
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D54049D3-256C-4E19-AAE9-861F6B00BF29}" = AGEIA GAME System Software
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"BitDefender" = BitDefender Internet Security 2011
"Browser Defender_is1" = Browser Defender 3.0
"CCleaner" = CCleaner
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"DungeonSiege 1.0" = Dungeon Siege
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVE" = EVE Online (remove only)
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"Gainward" = EXPERTool
"gossiper Toolbar" = gossiper Toolbar
"Hamachi" = Hamachi 1.0.3.0
"hon" = Heroes of Newerth
"Live 8.0.5" = Live 8.0.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - nor" = Språkpakke for Microsoft .NET Framework 3.5 SP1 - NOR
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"RealPlayer 12.0" = RealPlayer
"Reason4_is1" = Reason 4.0
"Spyware Doctor" = Spyware Doctor 8.0
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.3
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZENStonePlusUG" = Creative ZEN Stone Plus User's Guide

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1753206580-1660478298-384942841-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.10.2009 08:10:52 | Computer Name = Hichael-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24.10.2009 13:06:11 | Computer Name = Hichael-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24.10.2009 16:10:45 | Computer Name = Hichael-PC | Source = Application Error | ID = 1000
Description = Program med feil firefox.exe, versjon 1.8.20081.21709, tidsangivelse
0x49494210, modul med feil ntdll.dll, versjon 6.0.6001.18000, tidsangivelse 0x4791a7a6,
unntakskode 0xc0000005, feilforskyvning 0x00047dd2, prosess-ID 0x1174, starttid
for program 0x01ca54e2bafb2526.

Error - 24.10.2009 17:42:20 | Computer Name = Hichael-PC | Source = Application Hang | ID = 1002
Description = Programmet FL.exe versjon 0.0.0.0 sluttet å samhandle med Windows
og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig om problemet,
ser du i problemhistorikken i kontrollpanelet for Problemrapportering og -løsninger.
Prosess-ID:
c68 Starttidspunkt: 01ca54f15956d6f5 Avslutningstidspunkt: 9

Error - 24.10.2009 18:03:46 | Computer Name = Hichael-PC | Source = Application Hang | ID = 1002
Description = Programmet iexplore.exe versjon 8.0.6001.18828 sluttet å samhandle
med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig
om problemet, ser du i problemhistorikken i kontrollpanelet for Problemrapportering
og -løsninger. Prosess-ID: e14 Starttidspunkt: 01ca54f5c727480e Avslutningstidspunkt:
0

Error - 24.10.2009 18:19:39 | Computer Name = Hichael-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24.10.2009 18:38:52 | Computer Name = Hichael-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24.10.2009 19:08:04 | Computer Name = Hichael-PC | Source = Application Hang | ID = 1002
Description = Programmet DragonAgeOriginsCharacterCreator_en.exe versjon 1.0.0.17
sluttet å samhandle med Windows og ble lukket. Hvis du vil se om det finnes mer
informasjon tilgjengelig om problemet, ser du i problemhistorikken i kontrollpanelet
for Problemrapportering og -løsninger. Prosess-ID: 11dc Starttidspunkt: 01ca54fea075a6f9
Avslutningstidspunkt:
30334

Error - 24.10.2009 19:09:48 | Computer Name = Hichael-PC | Source = VSS | ID = 8194
Description =

Error - 24.10.2009 19:10:47 | Computer Name = Hichael-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 17.10.2009 17:29:19 | Computer Name = Hichael-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.10.2009 18:17:52 | Computer Name = Hichael-PC | Source = volsnap | ID = 393252
Description = Skyggekopiene av volum C: ble avbrutt fordi skyggekopilageret ikke
kunne vokse på grunn av en brukerdefinert grense.

Error - 18.10.2009 05:51:36 | Computer Name = Hichael-PC | Source = HTTP | ID = 15016
Description =

Error - 18.10.2009 05:53:08 | Computer Name = Hichael-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.10.2009 10:07:53 | Computer Name = Hichael-PC | Source = EventLog | ID = 6008
Description = Forrige avslutning av systemet 15:55:55 på 18.10.2009 var uventet.

Error - 18.10.2009 10:07:54 | Computer Name = Hichael-PC | Source = HTTP | ID = 15016
Description =

Error - 18.10.2009 10:09:10 | Computer Name = Hichael-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.10.2009 15:39:40 | Computer Name = Hichael-PC | Source = HTTP | ID = 15016
Description =

Error - 18.10.2009 15:41:13 | Computer Name = Hichael-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19.10.2009 07:25:26 | Computer Name = Hichael-PC | Source = EventLog | ID = 6008
Description = Forrige avslutning av systemet 13:12:51 på 19.10.2009 var uventet.

[ TuneUp Events ]
Error - 16.12.2009 20:11:56 | Computer Name = Hichael-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 31.12.2009 13:47:58 | Computer Name = Hichael-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 31.12.2009 13:48:04 | Computer Name = Hichael-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 24.01.2010 14:04:02 | Computer Name = Hichael-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 28.01.2010 14:49:43 | Computer Name = Hichael-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 30.01.2010 17:50:39 | Computer Name = Hichael-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 31.01.2010 09:29:24 | Computer Name = Hichael-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 07.02.2010 14:50:16 | Computer Name = Hichael-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 08.02.2010 17:06:09 | Computer Name = Hichael-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 08.02.2010 18:38:12 | Computer Name = Hichael-PC | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >





#5 myrti


  • Malware Study Hall Admin

Posted 03 October 2010 - 10:59 AM

Hi,

Please try to run a scan with Rootkit Unhooker next:
Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#6 myrti


  • Malware Study Hall Admin

Posted 16 October 2010 - 04:06 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





