Help to remove win32.FraudLoad.edt



Cnopsen
2010-08-12, 11:42
Hi
This is my first time posting on this forum so I hope I'm doing things right.
I have been using Spybot S&D for a long time now and it's been working great, but last time I scanned my PC, Spybot found win32.FraudLoad.edt, and ever since my PC has been freezing / running slowly. Sadly I can't get Spybot S&D to remove it, so now I hope you can help me.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Jacob at 11:31:48,04 on 12-08-2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.45.1030.18.8182.5887 [GMT 2:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\ASUS\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Jacob\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Jacob\Documents\dds.scr
C:\Windows\SysWOW64\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No File
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files (x86)\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [EA Core] "c:\program files (x86)\electronic arts\eadm\Core.exe" -silent
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files (x86)\steam\Steam.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON SX110 Series] c:\windows\system32\spool\drivers\x64\3\e_iatifbe.exe /fu "c:\windows\temp\E_S15F4.tmp" /EF "HKCU"
uRun: [Octoshape Streaming Services] "c:\users\jacob\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [PCMMediaSharing] "c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe"
mRun: [eRecoveryService]
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [RemoteControl] "c:\program files (x86)\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Mobile Connectivity Suite] "c:\program files (x86)\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRun: [EEventManager] c:\progra~2\epsons~1\eventm~1\EEventManager.exe
mRun: [LogMeIn Hamachi Ui] "c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
StartupFolder: c:\users\jacob\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jacob\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\jacob\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\asus\bluetooth software\BTTray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\smartc~1.lnk - c:\program files (x86)\northstar\smartcopy\SmartCopy.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\smartl~1.lnk - c:\program files (x86)\northstar\smartlauncher\SmartLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\asus\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\asus\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\asus\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun-x64: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun-x64: [eDataSecurity Loader] "c:\program files (x86)\acer\empowering technology\edatasecurity\x64\eDSloader.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\asus\bluetooth software\btsendto_ie.htm
AppInit_DLLs-X64: avgrssta.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\jacob\appdata\roaming\mozilla\firefox\profiles\lcaj1ta1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jacob\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-8-11 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-8-11 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-8-11 317520]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2009-2-11 269448]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-8-11 308136]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-2-11 24576]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2010-3-30 1823112]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-9-9 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y60x64.sys [2010-4-7 310472]
R3 FontCache;Tjenesten Windows-skrifttypecache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [2009-2-11 28160]
S2 gupdate;Tjenesten Google Update (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-6 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-11 431432]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]
S3 cpudrv64;cpudrv64;c:\program files (x86)\systemrequirementslab\cpudrv64.sys [2009-12-18 17864]
S3 HTCAND64;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 31744]
S3 netr7364;ASUS USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr7364.sys [2008-2-26 615424]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 PerfHost;Vært for DLL-ydelsestæller;c:\windows\syswow64\perfhost.exe [2008-1-21 19968]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-11 22:51:31 7002216 ----a-w- c:\windows\system32\nvwgf2umx.dll
2010-08-11 22:51:31 56936 ----a-w- c:\windows\syswow64\OpenCL.dll
2010-08-11 22:51:31 5107816 ----a-w- c:\windows\syswow64\nvwgf2um.dll
2010-08-11 22:51:29 14092904 ----a-w- c:\windows\syswow64\nvoglv32.dll
2010-08-11 22:51:27 9818728 ----a-w- c:\windows\syswow64\nvd3dum.dll
2010-08-11 22:51:27 2892904 ----a-w- c:\windows\syswow64\nvcuvid.dll
2010-08-11 22:51:27 2506344 ----a-w- c:\windows\syswow64\nvcuvenc.dll
2010-08-11 22:51:26 4553832 ----a-w- c:\windows\syswow64\nvcuda.dll
2010-08-11 22:51:26 10267240 ----a-w- c:\windows\syswow64\nvcompiler.dll
2010-08-11 22:51:25 260712 ----a-w- c:\windows\system32\nvcod1922.dll
2010-08-11 22:51:25 260712 ----a-w- c:\windows\system32\nvcod.dll
2010-08-11 22:51:25 1625192 ----a-w- c:\windows\syswow64\nvapi.dll
2010-08-11 21:41:28 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-08-11 21:41:26 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-08-11 21:41:24 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-08-11 21:41:22 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-08-11 21:41:22 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-11 21:41:19 0 d-----w- c:\programdata\AVG Security Toolbar
2010-08-11 21:39:05 0 d-----w- c:\program files (x86)\AVG
2010-08-11 21:38:50 0 d-----w- c:\programdata\avg9
2010-08-11 18:53:13 65536 --sha-w- c:\users\jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TM.blf
2010-08-11 18:53:13 524288 --sha-w- c:\users\jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TMContainer00000000000000000002.regtrans-ms
2010-08-11 18:53:13 524288 --sha-w- c:\users\jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TMContainer00000000000000000001.regtrans-ms
2010-08-09 18:37:26 0 d-----w- c:\programdata\NVIDIA Corporation
2010-08-09 18:33:18 7002216 ----a-w- c:\windows\system32\SETB487.tmp
2010-08-09 18:33:18 65128 ----a-w- c:\windows\system32\OpenCL.dll
2010-08-09 18:33:18 13187176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-08-09 18:33:18 11240 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-08-09 18:33:16 19114088 ----a-w- c:\windows\system32\nvoglv64.dll
2010-08-09 18:33:11 3089512 ----a-w- c:\windows\system32\nvcuvid.dll
2010-08-09 18:33:09 6116968 ----a-w- c:\windows\system32\nvcuda.dll
2010-08-09 18:33:09 2761832 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-08-09 18:33:06 14513768 ----a-w- c:\windows\system32\nvcompiler.dll
2010-08-04 21:42:33 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-27 12:14:21 0 d-----w- c:\program files (x86)\YouTube Downloader
2010-07-22 16:10:51 0 d-----w- c:\users\jacob\appdata\roaming\Ubisoft

==================== Find3M ====================

2010-08-12 09:27:50 36917 ----a-w- c:\programdata\nvModes.dat
2010-08-11 22:53:06 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-11 22:53:06 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-08-11 22:53:04 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-11 21:40:50 348714 ----a-w- c:\windows\system32\perfc006.dat
2010-08-11 21:40:50 1217782 ----a-w- c:\windows\system32\perfh006.dat
2010-08-09 13:15:25 218808 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-07-09 22:38:00 660072 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:38:00 2037864 ----a-w- c:\windows\system32\nvapi64.dll
2010-07-09 22:38:00 12471400 ----a-w- c:\windows\system32\nvd3dumx.dll
2010-07-09 14:17:18 1882216 ----a-w- c:\windows\system32\nvsvcr.dll
2010-07-09 14:17:18 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 14:17:18 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 14:17:18 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:17:18 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-07 11:46:54 660072 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-18 15:00:40 311968 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-06-18 15:00:39 43168 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-24 21:06:14 185920 ----a-w- c:\windows\syswow64\rmoc3260.dll
2010-05-24 21:06:05 6656 ----a-w- c:\windows\syswow64\pndx5016.dll
2010-05-24 21:06:05 5632 ----a-w- c:\windows\syswow64\pndx5032.dll
2010-05-24 21:05:37 278528 ----a-w- c:\windows\syswow64\pncrt.dll
2009-11-17 19:07:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 10:21:16 36364 ----a-w- c:\windows\inf\perflib\0406\perfd.dat
2008-01-21 10:21:16 36364 ----a-w- c:\windows\inf\perflib\0406\perfc.dat
2008-01-21 10:21:15 300302 ----a-w- c:\windows\inf\perflib\0406\perfi.dat
2008-01-21 10:21:15 300302 ----a-w- c:\windows\inf\perflib\0406\perfh.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-24 19:44:05 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-13 17:28:54 32768 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-13 17:28:54 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-13 17:28:54 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 11:33:28,68 ===============

Blade81
2010-08-16, 21:47
Hi,


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top, change it to Minimal Output.
Copy-paste the following contents into the custom scan area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in. Please also post the Spybot report showing that threat.

Cnopsen
2010-08-16, 23:21
OTL.Txt
OTL logfile created on: 16-08-2010 22:25:17 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Jacob\Documents
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 67,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366,72 Gb Total Space | 97,31 Gb Free Space | 26,54% Space Free | Partition Type: NTFS
Drive D: | 550,13 Gb Total Space | 531,01 Gb Free Space | 96,52% Space Free | Partition Type: NTFS
Drive E: | 680,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465,76 Gb Total Space | 442,43 Gb Free Space | 94,99% Space Free | Partition Type: NTFS

Computer Name: JACOB-PC
Current User Name: Jacob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Jacob\Dokumenter\OTL.exe File not found
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: <Company name>)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe (Popwire AB)
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Users\Jacob\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe ()
PRC - C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe (North Star com.)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)


========== Modules (SafeList) ==========

MOD - C:\Users\Jacob\Dokumenter\OTL.exe File not found
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programmer\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (btwdins) -- C:\Programmer\ASUS\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (btaudio) -- C:\Windows\SysNative\drivers\btaudio.sys (Broadcom Corporation.)
DRV:64bit: - (BTKRNL) -- C:\Windows\SysNative\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV:64bit: - (BTWUSB) -- C:\Windows\SysNative\Drivers\btwusb.sys (Broadcom Corporation.)
DRV:64bit: - (BTWDNDIS) -- C:\Windows\SysNative\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV:64bit: - (btwhid) -- C:\Windows\SysNative\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV:64bit: - (BTDriver) -- C:\Windows\SysNative\DRIVERS\btport.sys (Broadcom Corporation.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.dk/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.002
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-05-24 23:06:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010-08-11 23:40:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010-08-11 23:41:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-07-25 22:39:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-07-25 22:39:51 | 000,000,000 | ---D | M]

[2009-07-13 19:43:21 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Mozilla\Extensions
[2010-08-16 22:21:09 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\lcaj1ta1.default\extensions
[2010-07-01 16:38:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\lcaj1ta1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-08-05 23:34:07 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\lcaj1ta1.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009-09-14 23:04:09 | 000,002,171 | ---- | M] () -- C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\lcaj1ta1.default\searchplugins\bing.xml
[2010-08-16 22:11:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010-06-29 11:48:50 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2010-06-29 11:48:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml
[2010-06-29 11:48:51 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-dk.xml

O1 HOSTS File: ([2010-04-25 18:39:18 | 000,392,729 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13565 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programmer\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [EPSON SX110 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIFBE.EXE File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Jacob\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8:64bit: - Extra context menu item: Send to &Bluetooth Device... - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send To Bluetooth - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.242.40.3 212.242.40.51
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-10-23 07:40:56 | 000,000,107 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4766e5c0-a84a-11df-9a1f-002268643327}\Shell - "" = AutoRun
O33 - MountPoints2\{4766e5c0-a84a-11df-9a1f-002268643327}\Shell\AutoRun\command - "" = K:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010-08-16 22:11:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jacob\Documents\OTL.exe
[2010-08-14 17:48:21 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Documents\skole
[2010-08-14 11:32:40 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\NFS Underground 2
[2010-08-12 11:31:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-08-12 11:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010-08-12 11:30:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jacob\Documents\erunt-setup.exe
[2010-08-12 00:51:31 | 007,002,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010-08-12 00:51:31 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010-08-12 00:51:31 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010-08-12 00:51:29 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010-08-12 00:51:27 | 009,818,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010-08-12 00:51:27 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010-08-12 00:51:27 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010-08-12 00:51:26 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010-08-12 00:51:26 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010-08-12 00:51:25 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010-08-12 00:51:25 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1922.dll
[2010-08-12 00:51:25 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010-08-12 00:48:34 | 160,870,672 | ---- | C] (NVIDIA Corporation) -- C:\Users\Jacob\Documents\258.96_desktop_win7_winvista_64bit_international_whql.exe
[2010-08-12 00:31:28 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\AVG Security Toolbar
[2010-08-11 23:41:28 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010-08-11 23:41:26 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010-08-11 23:41:24 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010-08-11 23:41:22 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010-08-11 23:41:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010-08-11 23:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010-08-11 23:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010-08-11 23:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010-08-11 21:22:34 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Users\Jacob\Documents\ccsetup234.exe
[2010-08-11 21:20:59 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Users\Jacob\Documents\avg_free_stb_all_9_115_cnet(2).exe
[2010-08-11 21:19:53 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Users\Jacob\Documents\avg_free_stb_all_9_115_cnet.exe
[2010-08-09 20:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010-08-09 20:33:18 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010-08-09 20:33:18 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010-08-09 20:33:16 | 019,114,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010-08-09 20:33:11 | 003,089,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010-08-09 20:33:09 | 006,116,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010-08-09 20:33:09 | 002,761,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010-08-09 20:33:06 | 014,513,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010-08-09 20:27:58 | 128,203,752 | ---- | C] (NVIDIA Corporation) -- C:\Users\Jacob\Documents\258.96_desktop_win7_winvista_64bit_english_whql.exe
[2010-08-09 20:26:15 | 041,586,672 | ---- | C] (Intel Corporation) -- C:\Users\Jacob\Documents\Win7Vista_64_15179.exe
[2010-08-09 20:14:56 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Documents\AHCI_Intel_8.5.0.1032_Vistax64
[2010-08-09 20:14:04 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Documents\Chipset_Intel_9.1.0.1007_Vistax64
[2010-07-27 14:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2010-07-22 18:10:51 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\Ubisoft
[2009-02-12 03:06:15 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Jacob\Documents\*.tmp files -> C:\Users\Jacob\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-08-16 22:26:36 | 007,340,032 | -HS- | M] () -- C:\Users\Jacob\ntuser.dat
[2010-08-16 22:15:20 | 063,499,870 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010-08-16 22:11:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jacob\Documents\OTL.exe
[2010-08-16 22:11:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010-08-16 22:11:03 | 000,084,013 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010-08-16 22:11:03 | 000,084,013 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010-08-16 22:10:54 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-08-16 22:10:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-08-16 22:10:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-08-16 22:10:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-08-16 22:10:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-08-15 21:13:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010-08-15 11:41:22 | 000,524,288 | -HS- | M] () -- C:\Users\Jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TMContainer00000000000000000001.regtrans-ms
[2010-08-15 11:41:22 | 000,065,536 | -HS- | M] () -- C:\Users\Jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TM.blf
[2010-08-15 11:00:36 | 001,263,954 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-08-15 11:00:36 | 001,257,208 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2010-08-15 11:00:36 | 000,912,830 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-08-15 11:00:36 | 000,374,004 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-08-15 11:00:36 | 000,362,460 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2010-08-15 11:00:21 | 004,016,493 | -H-- | M] () -- C:\Users\Jacob\AppData\Local\IconCache.db
[2010-08-15 02:01:06 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-08-14 22:55:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2010-08-14 18:20:57 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
[2010-08-14 17:45:53 | 000,016,384 | ---- | M] () -- C:\Users\Jacob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-12 13:14:24 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010-08-12 11:52:36 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010-08-12 11:30:42 | 000,000,947 | ---- | M] () -- C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010-08-12 11:30:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jacob\Documents\erunt-setup.exe
[2010-08-12 00:57:42 | 000,380,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-08-12 00:51:11 | 160,870,672 | ---- | M] (NVIDIA Corporation) -- C:\Users\Jacob\Documents\258.96_desktop_win7_winvista_64bit_international_whql.exe
[2010-08-12 00:47:00 | 000,102,824 | ---- | M] () -- C:\Users\Jacob\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-08-12 00:44:03 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
[2010-08-12 00:35:35 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2010-08-11 23:41:29 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010-08-11 23:41:29 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010-08-11 23:41:27 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010-08-11 23:41:24 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010-08-11 23:41:23 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010-08-11 23:41:22 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010-08-11 21:22:40 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Users\Jacob\Documents\ccsetup234.exe
[2010-08-11 21:20:59 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Users\Jacob\Documents\avg_free_stb_all_9_115_cnet(2).exe
[2010-08-11 21:19:55 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Users\Jacob\Documents\avg_free_stb_all_9_115_cnet.exe
[2010-08-11 21:11:24 | 001,704,384 | ---- | M] () -- C:\Users\Jacob\Documents\FrontlineRegCleanerSetup.exe
[2010-08-11 20:55:51 | 000,524,288 | -HS- | M] () -- C:\Users\Jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TMContainer00000000000000000002.regtrans-ms
[2010-08-11 09:51:50 | 000,524,288 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010-08-11 09:51:50 | 000,065,536 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010-08-09 20:32:18 | 001,205,760 | ---- | M] () -- C:\Users\Jacob\Documents\pidenu24.msi
[2010-08-09 20:30:06 | 128,203,752 | ---- | M] (NVIDIA Corporation) -- C:\Users\Jacob\Documents\258.96_desktop_win7_winvista_64bit_english_whql.exe
[2010-08-09 20:26:56 | 041,586,672 | ---- | M] (Intel Corporation) -- C:\Users\Jacob\Documents\Win7Vista_64_15179.exe
[2010-08-09 20:16:20 | 106,367,079 | ---- | M] () -- C:\Users\Jacob\Documents\VGA_ATI_8.533.0.0000_Vistax64_A.zip
[2010-08-09 20:12:00 | 000,237,922 | ---- | M] () -- C:\Users\Jacob\Documents\AHCI_Intel_8.5.0.1032_Vistax64_A.zip
[2010-08-09 20:11:43 | 005,340,072 | ---- | M] () -- C:\Users\Jacob\Documents\Chipset_Intel_9.1.0.1007_Vistax64_A.zip
[2010-07-27 14:12:19 | 003,229,726 | ---- | M] () -- C:\Users\Jacob\Documents\YouTubeDownloaderSetup257.exe
[2010-07-20 15:35:55 | 000,002,411 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-07-20 01:41:53 | 000,005,907 | ---- | M] () -- C:\Users\Jacob\Documents\SpamThrottle_1.4.zip
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Jacob\Documents\*.tmp files -> C:\Users\Jacob\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-08-15 11:22:21 | 000,171,136 | RHS- | C] () -- C:\grldr
[2010-08-14 18:20:57 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
[2010-08-12 11:30:42 | 000,000,947 | ---- | C] () -- C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010-08-12 00:44:03 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
[2010-08-12 00:35:35 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2010-08-11 23:41:29 | 000,001,693 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010-08-11 23:41:22 | 063,499,870 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010-08-11 23:41:22 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010-08-11 21:11:22 | 001,704,384 | ---- | C] () -- C:\Users\Jacob\Documents\FrontlineRegCleanerSetup.exe
[2010-08-11 20:53:13 | 000,524,288 | -HS- | C] () -- C:\Users\Jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TMContainer00000000000000000002.regtrans-ms
[2010-08-11 20:53:13 | 000,524,288 | -HS- | C] () -- C:\Users\Jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TMContainer00000000000000000001.regtrans-ms
[2010-08-11 20:53:13 | 000,065,536 | -HS- | C] () -- C:\Users\Jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TM.blf
[2010-08-09 20:32:11 | 001,205,760 | ---- | C] () -- C:\Users\Jacob\Documents\pidenu24.msi
[2010-08-09 20:12:00 | 000,237,922 | ---- | C] () -- C:\Users\Jacob\Documents\AHCI_Intel_8.5.0.1032_Vistax64_A.zip
[2010-08-09 20:11:54 | 106,367,079 | ---- | C] () -- C:\Users\Jacob\Documents\VGA_ATI_8.533.0.0000_Vistax64_A.zip
[2010-08-09 20:11:31 | 005,340,072 | ---- | C] () -- C:\Users\Jacob\Documents\Chipset_Intel_9.1.0.1007_Vistax64_A.zip
[2010-07-27 14:12:14 | 003,229,726 | ---- | C] () -- C:\Users\Jacob\Documents\YouTubeDownloaderSetup257.exe
[2010-07-20 01:41:52 | 000,005,907 | ---- | C] () -- C:\Users\Jacob\Documents\SpamThrottle_1.4.zip
[2010-07-14 00:31:26 | 000,000,680 | ---- | C] () -- C:\Users\Jacob\AppData\Local\d3d9caps.dat
[2010-07-14 00:30:16 | 000,000,732 | ---- | C] () -- C:\Users\Jacob\AppData\Local\d3d9caps64.dat
[2010-06-18 17:00:20 | 000,434,176 | ---- | C] () -- C:\Users\Jacob\AppData\Local\dd_vcredistMSI0A85.txt
[2010-06-18 17:00:19 | 000,026,398 | ---- | C] () -- C:\Users\Jacob\AppData\Local\dd_vcredistUI0A85.txt
[2010-05-28 23:38:20 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010-05-27 22:50:28 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010-05-01 18:20:09 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010-04-02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010-03-30 23:54:23 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010-03-14 15:13:33 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010-03-06 17:11:26 | 000,084,013 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010-03-06 17:09:59 | 000,084,013 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010-01-27 16:31:17 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-01-27 16:31:17 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009-09-24 12:17:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009-09-24 12:17:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-09-16 21:45:16 | 000,000,140 | ---- | C] () -- C:\Users\Jacob\AppData\Roaming\wklnhst.dat
[2009-07-21 03:56:01 | 000,016,384 | ---- | C] () -- C:\Users\Jacob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-15 00:58:49 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009-07-13 19:46:44 | 001,413,426 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009-07-13 19:23:15 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2009-07-13 19:23:15 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008-02-05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Users\Jacob\AppData\Local\setup.txt
[2008-01-21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009-07-14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010-08-15 21:13:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009-08-04 13:26:38 | 000,000,216 | ---- | M] () -- C:\DebugTrace-RockallDLL.log
[2009-08-02 10:59:51 | 000,171,136 | RHS- | M] () -- C:\grldr
[2010-08-16 22:10:30 | 304,353,278 | -HS- | M] () -- C:\pagefile.sys
[2009-02-11 19:52:03 | 000,000,787 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006-11-02 17:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006-11-02 17:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006-11-02 17:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009-09-27 22:48:42 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006-09-18 23:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2006-10-19 10:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr
[2006-10-19 10:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr
[2009-07-10 13:16:32 | 000,307,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008-01-21 05:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F3176E45
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:793F316E
< End of report >

Cnopsen
2010-08-16, 23:23
Extras.Txt

OTL Extras logfile created on: 16-08-2010 22:25:17 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Jacob\Documents
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 67,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366,72 Gb Total Space | 97,31 Gb Free Space | 26,54% Space Free | Partition Type: NTFS
Drive D: | 550,13 Gb Total Space | 531,01 Gb Free Space | 96,52% Space Free | Partition Type: NTFS
Drive E: | 680,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465,76 Gb Total Space | 442,43 Gb Free Space | 94,99% Space Free | Partition Type: NTFS

Computer Name: JACOB-PC
Current User Name: Jacob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 55 11 BA BB B5 3F CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1820557719-3444975308-3352224137-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A773B247-69B3-4A5D-95B0-BE7A67E495BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A853B51D-E51A-4711-8FA6-2019F760307D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DC2693C2-F84D-4A7D-9F7D-782DE5ED0ED3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{070165D3-8EB0-4990-9496-5B8919F14A20}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
"{07849139-4BC1-466E-951C-0B7CFD148A5B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{09B00150-7D22-4AB5-AF87-0328560A1E1A}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{0A187E18-2E60-479B-903E-78EEB8163B31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{0BF4F4B2-7B6B-4217-94D6-6C165FFED8B0}" = protocol=6 | dir=in | app=c:\users\jacob\appdata\roaming\dropbox\bin\dropbox.exe |
"{0D86C49D-2C38-4272-94B1-F722F879FFC7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{1023050F-6E41-4EEF-B69D-CDB8531FF16D}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{131A947D-AC20-4D11-876F-0437B1DBB090}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
"{1375A65F-8BD8-48D9-8831-80ADEBD6C1BE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{1A7725CB-7DB4-49D9-8577-AD5D5A07951A}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"{1C4B1DFB-21A9-4FE4-AC82-D6C91D8E8E93}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{1D4F7687-0BDF-4769-9751-58788270FA58}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{223E02DE-E57A-4FF8-AF8A-0EEA0DEA7F5C}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{2252D70B-F9AF-42A4-9CB6-3AECE90F7DFE}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{23A1B995-A0E9-414D-BC64-D52A67272F12}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\codename panzers cold war\home\game\cpcw.exe |
"{26E2A6FF-B5E7-4813-9F2D-5D6E2123A9A8}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{27528C5E-363E-48E3-911E-DCB5BA17D02C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{2F5F7A2A-66FD-4D35-B85C-7661EC0EB35A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2F7DA257-F187-4648-805D-05B854D7AF03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{3A4592D4-0BA2-4C5F-B69F-866BF555D621}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{3B5C159A-B477-47FA-B6BB-2887F6BDE859}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{3F107409-8B62-430B-BEF8-D6AEB8FB48AC}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{43792D5F-7583-4C42-984D-3B82B927862A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{43A332BD-B096-4A39-A6C5-F6F7BF449209}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{44B644AB-D867-4C0E-91E0-0FC0234EFF40}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{458E2F6B-F52A-4F2A-8A3D-3904A622F1C0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4ADB7E5F-4C5A-42B1-9B10-09E3E63856BD}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{4E65A423-F5EC-418F-9DF3-380147660878}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{4EBAF73B-6D69-42D1-9421-EEE2B90005B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jacobcnops\counter-strike source\hl2.exe |
"{5197670C-BECA-4817-A5BD-F09B87B89492}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5E273062-CCB3-4513-8134-380A3597A978}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{5E98D5B5-6926-4D7A-9DE8-92C76F86143C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{619AA2BE-9492-4465-96F0-57A75B62212D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{644EF500-19A6-4AF5-AB18-CB90C98E28D2}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{65E2DEF2-DC26-4694-9382-A857E1D47B23}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6844A651-2CC0-472C-ADC2-6C62A6335E09}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{6A6FA8FF-96FF-4306-9EC4-958C14003E57}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{6CB41B8E-FDF3-494E-8465-357D2C99AA17}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6F3F988B-4962-4167-8EBB-5D7EB8CBB094}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{734021A1-B040-41F0-BBF1-B44144E607E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{764FC499-D79D-4E0A-B291-42BBFFBA0E20}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{7972EF00-5442-47B0-8D1C-B6A450867E7A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{8073EA68-CFCA-4F4C-9CBE-4E5DC349F6F7}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{81162AB2-E7F0-4F12-B19D-BAB374C98BE9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8171DCA4-07B3-4A20-B59A-0B6FEDC519F9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{827D4748-BE07-44BF-B403-50F60FFD90AD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{84B338F7-FF92-4699-A6AE-7168DFA7FBC4}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{84AA4E07-FF98-457D-AEE8-9240903786ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8672257B-E910-454E-BF7A-EB2785836407}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{8C9106F9-04DC-4644-8463-EE7689313A40}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
"{8E20BB12-1369-491B-969B-E1660855E3B6}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3\binaries\ut3.exe |
"{8E7D650F-F1A2-42A0-A898-0B95DC6D7E7E}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{91279459-7868-4D93-B43D-1E2210D4C01A}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{929507B3-320B-422E-8850-5D6AC68A1622}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{959407B5-1F1B-4BFE-8789-B45DC1269B64}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{997E7C6E-CF2D-4692-90DF-5FBD630C6000}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{9F094A66-EB1F-4F28-B7D3-3E51EB37FD30}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{A6CD8FA0-F5C9-40AF-818C-4658CB4399C7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{AB740EE8-B5F0-4158-BBA7-00B6B339F43E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{AC293E89-27DC-4C66-8ABF-C64D13FC2209}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{B30314D7-8596-4370-ABB1-BE2A1591BF57}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{B5668A9C-3764-41DD-8C3E-25DB8A186F99}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe |
"{BEB708F7-0055-4ADD-8330-1A86407F36CF}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\codename panzers cold war\home\game\cpcw.exe |
"{BEDC942D-F427-4EBB-A40D-80E8107D7F43}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{BFE2B5A9-E44D-4630-8D06-A8BF2BFB72AA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C0A75CAF-6104-4E2B-92CF-B0D75FACEB52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm |
"{CA767D93-6F8F-4280-80CE-82FEF9751795}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CCDE65A0-AC17-445F-9B00-F1CCA67E2C6F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |
"{CCE34B03-BCF3-424C-B948-3B24865B100C}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{CE72B544-1742-477F-B329-C63A9021A78C}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{D1A783C2-7EA1-4942-821C-93BF6A3DC38E}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{D1DBC513-154B-4F25-9BB9-5095137D241F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jacobcnops\counter-strike source\hl2.exe |
"{D2DE78AC-72B5-4778-84AC-262C868F50FE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |
"{D325D5E7-3C34-4DE2-8705-3BE8E4C1495E}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{D4081301-63BB-470C-9F8F-DA4830B591C8}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{D6065028-FB6F-46BB-8BFE-585DC755206E}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D79F3B41-EE05-4A76-865A-821999894AAB}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{D8C849F8-8A71-4177-A3A6-FD2429D940F6}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{DA4B941E-0F5E-4ECC-B12E-AE7BC8F18D02}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DCAF3C6B-14E3-4086-9341-5C2B37289A53}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{DDF894E8-F7C9-45F1-93B4-4B38401EB3F7}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{DE0FC88F-63DA-42F9-BCDC-4FA44536CFB3}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{DEC3862A-326E-4312-B17D-16A64D8185C8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{DED4FF61-F65A-4BD7-93A1-3553B853D12D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{DFB8577B-6398-4D34-A54E-4FB11E9011A9}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{EFFEE0DC-7367-456C-969A-11B6C981F968}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{F1E3F646-0C19-4C13-BD7D-29E39BAA1DC6}" = protocol=17 | dir=in | app=c:\users\jacob\appdata\roaming\dropbox\bin\dropbox.exe |
"{FE8A8497-41F0-4224-8A8D-E56EEF2A528D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{AA049CC0-1552-49E8-B7D2-65D07FF13971}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"TCP Query User{B8979657-372E-4261-B269-2A7830C44082}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{6D14517B-AC05-4B25-A0C6-7F6C803BD104}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ASUS Bluetooth Software
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0406-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Danish) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B69349AE-2D41-3708-8BA4-4DC22645CA04}" = Microsoft .NET Framework 3.5 Language Pack SP1 - dan
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"Microsoft .NET Framework 3.5 Language Pack SP1 - dan" = Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel(R) Network Connections 15.2.89.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{07043840-8EBE-4287-85D8-8EC76D88B906}" = Microsoft Math 3.0
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Overførselsværktøj til Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2F3082BF-4A3B-45CA-805F-52DBBFD3C645}" = Windows Live Essentials
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45A2D49C-8124-4015-A8B3-073A827EC5C1}" = Windows Live Sync
"{470E9A78-A276-46EB-85F1-05625C766889}" = HTC Sync
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6F9DF109-4D98-46e1-BCE8-8EB6AA1DBF35}" = Microsoft Works
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files (x86)\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2007
"{90120000-0015-0406-0000-0000000FF1CE}_ENTERPRISE_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2007
"{90120000-0016-0406-0000-0000000FF1CE}_ENTERPRISE_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2007
"{90120000-0018-0406-0000-0000000FF1CE}_ENTERPRISE_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2007
"{90120000-0019-0406-0000-0000000FF1CE}_ENTERPRISE_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2007
"{90120000-001A-0406-0000-0000000FF1CE}_ENTERPRISE_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2007
"{90120000-001B-0406-0000-0000000FF1CE}_ENTERPRISE_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
"{90120000-001F-0406-0000-0000000FF1CE}_ENTERPRISE_{25E093C2-374E-44A9-9BCE-3881BD442F3F}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0406-1000-0000000FF1CE}_ENTERPRISE_{50865937-2EBB-4BBF-8861-BF5972C95D4B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0406-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Danish) 2007
"{90120000-0044-0406-0000-0000000FF1CE}_ENTERPRISE_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2007
"{90120000-006E-0406-0000-0000000FF1CE}_ENTERPRISE_{50865937-2EBB-4BBF-8861-BF5972C95D4B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0406-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Danish) 2007
"{90120000-00A1-0406-0000-0000000FF1CE}_ENTERPRISE_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0406-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Danish) 2007
"{90120000-00BA-0406-0000-0000000FF1CE}_ENTERPRISE_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{94B8F069-F223-4F48-BC88-7104CBA77F30}" = Windows Live Messenger
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = The Godfather™ II
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1030-7B44-A93000000001}" = Adobe Reader 9.3.3 - Dansk
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{BFD09E5B-6D40-4CAD-A349-103BFEF1C574}" = Windows Live Mail
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D7EC54D8-3D95-4F9D-A191-59C9BB7F5AC9}" = Windows Live Photo Gallery
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E80F9ABB-618D-4B9E-9EA0-5BF6A7C2FE9D}" = Tilmeldingsassistent til Windows Live
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2485BF4-830D-4D7F-B553-3B125CCFB255}" = Codename: Panzers Cold War
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FC0C6E54-BCD4-42C5-BEAA-4FFFEC499EE0}" = Windows Live Writer
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Applian FLV Player2.0.24" = Applian FLV Player
"AVG9Uninstall" = AVG Free 9.0
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Diablo II" = Diablo II
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX110_TX110 User’s Guide" = Epson Stylus SX110_TX110 Manual
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.2.8.1
"Fraps" = Fraps
"GameSpy Arcade" = GameSpy Arcade
"Heroes of Might and Magic IV" = Heroes of Might and Magic IV: Winds of War
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MobMap_is1" = MobMap 3.43
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Steam App 16450" = F.E.A.R. 2: Project Origin
"Steam App 24960" = Battlefield: Bad Company 2
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR arkivering
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10-08-2010 03:41:15 | Computer Name = Jacob-PC | Source = WinMgmt | ID = 10
Description =

Error - 10-08-2010 03:46:57 | Computer Name = Jacob-PC | Source = WinMgmt | ID = 10
Description =

Error - 10-08-2010 03:51:47 | Computer Name = Jacob-PC | Source = WinMgmt | ID = 10
Description =

Error - 10-08-2010 03:57:48 | Computer Name = Jacob-PC | Source = LoadPerf | ID = 3012
Description =

Error - 10-08-2010 03:57:48 | Computer Name = Jacob-PC | Source = LoadPerf | ID = 3012
Description =

Error - 10-08-2010 03:57:48 | Computer Name = Jacob-PC | Source = LoadPerf | ID = 3011
Description =

Error - 10-08-2010 08:16:11 | Computer Name = Jacob-PC | Source = WinMgmt | ID = 10
Description =

Error - 10-08-2010 08:22:16 | Computer Name = Jacob-PC | Source = LoadPerf | ID = 3012
Description =

Error - 10-08-2010 08:22:16 | Computer Name = Jacob-PC | Source = LoadPerf | ID = 3012
Description =

Error - 10-08-2010 08:22:16 | Computer Name = Jacob-PC | Source = LoadPerf | ID = 3011
Description =

[ System Events ]
Error - 15-08-2010 04:49:08 | Computer Name = Jacob-PC | Source = Dhcp | ID = 1001
Description = Computeren fik ikke tildelt en adresse fra netværket (af DHCP-serveren)
til netværkskortet med netværksadressen 0023C3DF10E8. Der opstod følgende fejl:
%%1223. Computeren vil fortsat forsøge at få tildelt en adresse fra netværksadresseserveren
(DHCP).

Error - 15-08-2010 04:53:18 | Computer Name = Jacob-PC | Source = Dhcp | ID = 1001
Description = Computeren fik ikke tildelt en adresse fra netværket (af DHCP-serveren)
til netværkskortet med netværksadressen 0023C3E7B75D. Der opstod følgende fejl:
%%121. Computeren vil fortsat forsøge at få tildelt en adresse fra netværksadresseserveren
(DHCP).

Error - 15-08-2010 04:53:43 | Computer Name = Jacob-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 15-08-2010 04:53:43 | Computer Name = Jacob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15-08-2010 04:53:43 | Computer Name = Jacob-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 15-08-2010 04:59:34 | Computer Name = Jacob-PC | Source = Dhcp | ID = 1001
Description = Computeren fik ikke tildelt en adresse fra netværket (af DHCP-serveren)
til netværkskortet med netværksadressen 0023C3E7B75D. Der opstod følgende fejl:
%%121. Computeren vil fortsat forsøge at få tildelt en adresse fra netværksadresseserveren
(DHCP).

Error - 15-08-2010 05:39:09 | Computer Name = Jacob-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 15-08-2010 05:39:24 | Computer Name = Jacob-PC | Source = Dhcp | ID = 1001
Description = Computeren fik ikke tildelt en adresse fra netværket (af DHCP-serveren)
til netværkskortet med netværksadressen 0023C37A56D8. Der opstod følgende fejl:
%%121. Computeren vil fortsat forsøge at få tildelt en adresse fra netværksadresseserveren
(DHCP).

Error - 16-08-2010 16:11:32 | Computer Name = Jacob-PC | Source = Dhcp | ID = 1001
Description = Computeren fik ikke tildelt en adresse fra netværket (af DHCP-serveren)
til netværkskortet med netværksadressen 0023C385C9DF. Der opstod følgende fejl:
%%1223. Computeren vil fortsat forsøge at få tildelt en adresse fra netværksadresseserveren
(DHCP).

Error - 16-08-2010 16:11:40 | Computer Name = Jacob-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Cnopsen
2010-08-16, 23:24
About the Spybot report, I'm not really sure, but I hope this is what you need:

--- Search result list ---
Win32.FraudLoad.edt: [SBI $990B0E99] M mappe type (Registreringsdatabasenøgle, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{C20EE2D6-81C3-6A08-79C5-1989DA43BC19}

Win32.FraudLoad.edt: [SBI $990B0E99] M mappe type (Registreringsdatabasenøgle, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{C20EE2D6-81C3-6A08-79C5-1989DA43BC19}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-09-09 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-07-20 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-07-20 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-20 Includes\HijackersC.sbi (*)
2010-06-29 Includes\iPhone.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-07-20 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-06-01 Includes\Malware.sbi (*)
2010-07-20 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-07-20 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-20 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-20 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-07-13 Includes\Trojans.sbi (*)
2010-07-20 Includes\TrojansC-02.sbi (*)
2010-07-20 Includes\TrojansC-03.sbi (*)
2010-07-20 Includes\TrojansC-04.sbi (*)
2010-07-20 Includes\TrojansC-05.sbi (*)
2010-07-20 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Security Update (KB979906)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 976832
MD5: 0B232C77D822983397674AEEC9AB59DC

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35760
MD5: A32B25970003B6ABA027EFF8EEDA12A3

Located: HK_LM:Run, AVG9_TRAY
command: C:\PROGRA~2\AVG\AVG9\avgtray.exe
file: C:\PROGRA~2\AVG\AVG9\avgtray.exe
size: 2065760
MD5: E9B04FD2921ACE22CA17FA7D5131F491

Located: HK_LM:Run, EEventManager
command: C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
file: C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
size: 673616
MD5: 90A3525C7399B7784D28F99EA1A51C4C

Located: HK_LM:Run, eRecoveryService
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
size: 31072
MD5: 644795F6985C740F5E36E9336B837D0B

Located: HK_LM:Run, LogMeIn Hamachi Ui
command: "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
file: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
size: 1820040
MD5: 898637AA2872A16540117EE4E8E0B6E0

Located: HK_LM:Run, Mobile Connectivity Suite
command: "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
file: C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
size: 598016
MD5: 2038D8DBC7C3B8BC978E684258D7B87E

Located: HK_LM:Run, PCMMediaSharing
command: "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
file: C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
size: 204908
MD5: 37728F6DB0A8D31B0A1C49A7228E1D34

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
file: C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915A106A2FB87292CEF0AD4F36ADF313

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
file: C:\Program Files (x86)\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
size: 202256
MD5: E2724029D3648C2EB226D16678727FA9

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 16FC5B430123238E522B18E63C257AF8

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 16FC5B430123238E522B18E63C257AF8

Located: HK_CU:Run, EA Core
where: S-1-5-21-1820557719-3444975308-3352224137-1000...
command: "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
file: C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-1820557719-3444975308-3352224137-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 138240
MD5: 65437DAD4F238EA9549408A783002222

Located: HK_CU:Run, EPSON SX110 Series
where: S-1-5-21-1820557719-3444975308-3352224137-1000...
command: C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S15F4.tmp" /EF "HKCU"
file: C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE
size: 223232
MD5: 3CD86E10CEF7E68B30508BCE509FAAD7

Located: HK_CU:Run, msnmsgr
where: S-1-5-21-1820557719-3444975308-3352224137-1000...
command: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
size: 3883856
MD5: 36061D9DF706A074034AE828FBC51FA3

Located: HK_CU:Run, Octoshape Streaming Services
where: S-1-5-21-1820557719-3444975308-3352224137-1000...
command: "C:\Users\Jacob\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
file: C:\Users\Jacob\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
size: 70936
MD5: C4EFFE930649C758E208BDED65B408CB

Located: HK_CU:Run, Steam
where: S-1-5-21-1820557719-3444975308-3352224137-1000...
command: "C:\Program Files (x86)\Steam\Steam.exe" -silent
file: C:\Program Files (x86)\Steam\Steam.exe
size: 1238352
MD5: 448948EDEBA04EF4C4D04F9ADCF0305B

Located: HK_CU:Run, swg
where: S-1-5-21-1820557719-3444975308-3352224137-1000...
command: "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
file: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: Startup (fælles), Bluetooth.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\ASUS\Bluetooth Software\BTTray.exe
file: C:\Program Files (x86)\ASUS\Bluetooth Software\BTTray.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (fælles), SmartCopy.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
file: C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
size: 319488
MD5: 7E433ED3F7822E46E759956D0ECB7AA4

Located: Startup (fælles), SmartLauncher.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
file: C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
size: 335872
MD5: 5B2819B7FCD02A0FA4386A718DB0274A

Located: Startup (bruger), Dropbox.lnk
where: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe
file: C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe
size: 21979992
MD5: 78F65B456F6145A2EC8AB4BEBC6E5E18

Located: Startup (bruger), ERUNT AutoBackup.lnk
where: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
file: C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
size: 38912
MD5: E00DE20F0F6BED5CD2160247DDC9443B



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 19-06-2010 21:29:34
Date (last access): 05-07-2010 11:32:34
Date (last write): 19-06-2010 21:29:34
Filesize: 75200
Attributes: archive
MD5: 6D9042F1443A601DA8DC24D991EDDD0A
CRC32: 10990AC8
Version: 9.3.3.177

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 14-03-2010 15:11:40
Date (last access): 24-05-2010 23:06:22
Date (last write): 24-05-2010 23:06:22
Filesize: 341600
Attributes: archive
MD5: 0200D126A4DC2721C0B7DD85DACB7CC6
CRC32: 817712DF
Version: 12.0.1.303

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files (x86)\AVG\AVG9\
Long name: avgssie.dll
Short name:
Date (created): 11-08-2010 23:40:58
Date (last access): 11-08-2010 23:40:58
Date (last write): 11-08-2010 23:40:58
Filesize: 1619296
Attributes: archive
MD5: 9709500432501607C7DD32B9F2B07E1F
CRC32: DD3F49C2
Version: 9.0.0.845

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~2\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 09-09-2009 11:44:20
Date (last access): 09-09-2009 11:44:20
Date (last write): 26-01-2009 15:31:02
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files (x86)\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 12-02-2009 16:19:32
Date (last access): 29-12-2009 13:36:06
Date (last write): 12-02-2009 16:19:32
Filesize: 2217848
Attributes: archive
MD5: A6B5A41C0ED007AB6C43CAD899E533D8
CRC32: BA078F79
Version: 12.0.6421.1000

{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Hjælp til tilmelding til Windows Live)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Hjælp til tilmelding til Windows Live
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 22-01-2009 15:41:30
Date (last access): 15-07-2009 01:11:48
Date (last write): 22-01-2009 15:41:30
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5

{A3BC75A2-1F87-4686-AA43-5347D756017C} (AVG Security Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AVG Security Toolbar BHO
Path: C:\Program Files (x86)\AVG\AVG9\Toolbar\
Long name: IEToolbar.dll
Short name: IETOOL~1.DLL
Date (created): 11-08-2010 23:41:20
Date (last access): 11-08-2010 23:41:20
Date (last write): 30-06-2010 14:22:42
Filesize: 2102600
Attributes: archive
MD5: 3ED37B2A3C73CABD84F55DADA2D5F137
CRC32: C1ADF7B6
Version: 4.906.30.2

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: C:\Program Files (x86)\Google\Google Toolbar\
Long name: GoogleToolbar_32.dll
Short name: GOOGLE~1.DLL
Date (created): 13-07-2009 19:41:28
Date (last access): 13-07-2009 19:41:28
Date (last write): 14-07-2010 18:01:32
Filesize: 278192
Attributes: archive
MD5: 389947CAD1A9C504DF6285AA1E7BE6F1
CRC32: 0E1D36F2
Version: 6.5.708.1000

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\
Long name: swg.dll
Short name:
Date (created): 07-06-2010 10:51:14
Date (last access): 07-06-2010 10:51:14
Date (last write): 07-06-2010 10:51:14
Filesize: 814648
Attributes: archive
MD5: 42CB4EE0B0FC259C8AD20B460FA7D72A
CRC32: 75993AD8
Version: 5.5.5126.1836

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 06-10-2009 19:25:34
Date (last access): 11-10-2009 05:18:20
Date (last write): 11-10-2009 05:17:30
Filesize: 41760
Attributes: archive
MD5: C9EDE29F223A27873E187D9FB6045EA6
CRC32: 5951C3E0
Version: 6.0.170.4



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 06-10-2009 19:25:34
Date (last access): 11-10-2073 05:18:18
Date (last write): 11-10-2009 05:17:30
Filesize: 100128
Attributes: archive
MD5: 048369C957BCE15E4628FDEB65820BE8
CRC32: C8C19051
Version: 6.0.170.4

{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 06-10-2009 19:25:34
Date (last access): 11-10-2073 05:18:18
Date (last write): 11-10-2009 05:17:30
Filesize: 100128
Attributes: archive
MD5: 048369C957BCE15E4628FDEB65820BE8
CRC32: C8C19051
Version: 6.0.170.4

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_17
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_17.dll
Short name: NPJPI1~1.DLL
Date (created): 11-10-2009 03:14:36
Date (last access): 11-10-2073 05:18:30
Date (last write): 11-10-2009 05:17:30
Filesize: 136992
Attributes: archive
MD5: 3D58770680F268A23A8CE1F14B49AA2F
CRC32: 6091A816
Version: 6.0.170.4

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab



--- Process list ---
PID: 0 ( 0) [System]
PID: 2540 (2656) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
size: 3883856
MD5: 36061D9DF706A074034AE828FBC51FA3
PID: 1348 (2656) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
PID: 2808 (2656) C:\Program Files (x86)\Steam\steam.exe
size: 1238352
MD5: 448948EDEBA04EF4C4D04F9ADCF0305B
PID: 1340 (2656) C:\Users\Jacob\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
size: 70936
MD5: C4EFFE930649C758E208BDED65B408CB
PID: 2200 (2656) C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
size: 319488
MD5: 7E433ED3F7822E46E759956D0ECB7AA4
PID: 2392 (2656) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
size: 335872
MD5: 5B2819B7FCD02A0FA4386A718DB0274A
PID: 2916 (2984) C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
size: 32768
MD5: 915A106A2FB87292CEF0AD4F36ADF313
PID: 2784 (2984) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
size: 149280
MD5: 3A0647BDED81DBE0BCBB51D70B22C9E0
PID: 2780 (2436) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
size: 454704
MD5: 1891EEF1A57520E272AF39A56C9C6CB5
PID: 3180 (2984) C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
size: 598016
MD5: 2038D8DBC7C3B8BC978E684258D7B87E
PID: 3188 (2984) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
size: 202256
MD5: E2724029D3648C2EB226D16678727FA9
PID: 3220 (2984) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
size: 673616
MD5: 90A3525C7399B7784D28F99EA1A51C4C
PID: 3236 (2984) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
size: 1820040
MD5: 898637AA2872A16540117EE4E8E0B6E0
PID: 3308 (1176) C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
size: 139264
MD5: 7646CB9C5A4FF8BA647E0912A3568C41
PID: 3388 (2984) C:\Program Files (x86)\AVG\AVG9\avgtray.exe
size: 2065760
MD5: E9B04FD2921ACE22CA17FA7D5131F491
PID: 3404 (2656) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 910296
MD5: BACCDA841C689D1CBA941F478E8ED24B
PID: 3416 (2656) C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe
size: 21979992
MD5: 78F65B456F6145A2EC8AB4BEBC6E5E18
PID: 3472 (1176) C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
size: 106496
MD5: CBA29D7C16A56A701C0B3D7A68D84128
PID: 3604 (1176) C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
size: 557056
MD5: 719F8B85BC9F3F228ED5C5A2278BC2A5
PID: 3980 (3604) C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
size: 389120
MD5: 49B73C13B18A937ADA125246000E4320
PID: 3992 (1176) C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
size: 1011712
MD5: 147C73E395BE482C4554BDA774DFBBF7
PID: 4000 (3992) C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
size: 356352
MD5: 960542EE21D995075E3FEAECA16D0686
PID: 3320 (1176) C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
size: 462848
MD5: 5ADFCB35574F707B8DB81E2E26D529DA
PID: 2972 (3320) C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
size: 253952
MD5: 7FEDFF546879C6B31BA2D00B443F800C
PID: 1224 (3404) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
size: 14808
MD5: 642FA80C2C43EE609313746AA305DC86
PID: 728 (3404) C:\Users\Jacob\Documents\OTL.exe
size: 575488
MD5: 127560FD56C09FB09A18EFE48D2FDD8E
PID: 3316 (2656) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 5240 (3316) C:\Windows\SysWOW64\hh.exe
size: 14848
MD5: 7C06CED2F7B9272A126D53A2A9F52AC0
PID: 4 ( 0) System
PID: 508 ( 4) smss.exe
PID: 576 ( 564) csrss.exe
PID: 644 ( 564) wininit.exe
size: 96768
PID: 664 ( 656) csrss.exe
PID: 672 ( 644) avgchsva.exe
PID: 684 ( 644) avgrsa.exe
PID: 716 ( 656) winlogon.exe
size: 314368
PID: 764 ( 684) avgcsrva.exe
PID: 808 ( 644) services.exe
size: 279552
PID: 844 ( 644) lsass.exe
PID: 852 ( 644) lsm.exe
size: 229888
PID: 1176 ( 808) svchost.exe
size: 21504
PID: 1228 ( 808) nvvsvc.exe
PID: 1260 ( 808) svchost.exe
size: 21504
PID: 1388 ( 808) svchost.exe
size: 21504
PID: 1416 ( 808) svchost.exe
size: 21504
PID: 1428 ( 808) svchost.exe
size: 21504
PID: 1500 (1388) audiodg.exe
size: 88576
PID: 1548 ( 808) svchost.exe
size: 21504
PID: 1564 ( 808) SLsvc.exe
PID: 1596 ( 808) svchost.exe
size: 21504
PID: 1692 ( 808) btwdins.exe
PID: 1768 ( 808) svchost.exe
size: 21504
PID: 1908 (1228) nvvsvc.exe
PID: 2052 ( 808) spoolsv.exe
PID: 2076 ( 808) svchost.exe
size: 21504
PID: 2592 (1416) C:\Windows\System32\dwm.exe
PID: 2612 (1428) C:\Windows\System32\taskeng.exe
size: 169984
MD5: E5BBFC283D6F5D69B41E464676361020
PID: 2656 (2584) C:\Windows\explorer.exe
size: 3079168
MD5: 6B08E54A451B3F95E4109DBA7E594270
PID: 2684 (1428) taskeng.exe
size: 169984
PID: 2432 (2656) C:\Windows\RAVCpl64.exe
size: 6495264
MD5: BAA1FEA046B3F857C82595B396719AAC
PID: 2372 (2656) C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
size: 319488
MD5: E43F473CB4262EBAB41E37F3291DBE9B
PID: 2460 (2656) C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
size: 323584
MD5: D373AA365A9C7669E2E65DB6857E47DE
PID: 2436 (2656) C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
size: 561200
MD5: E2A0459382FBF3436A75D28DA176F600
PID: 2848 (2656) C:\Windows\ehome\ehtray.exe
size: 138240
MD5: 65437DAD4F238EA9549408A783002222
PID: 2352 (1176) C:\Windows\ehome\ehmsas.exe
size: 47104
MD5: F2C56E2FB83F06831F9565E77C48078D
PID: 2680 (2656) C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
size: 799784
MD5: 556FF857E84ECE4762C0A96C9BA156DC
PID: 4076 ( 808) CLMSServer.exe
PID: 2700 ( 808) avgwdsvc.exe
PID: 3100 ( 808) eDSService.exe
PID: 2408 ( 808) ETService.exe
PID: 3520 (2700) avgnsa.exe
PID: 1520 ( 808) hamachi-2.exe
PID: 4268 ( 808) SchedulerSvc.exe
PID: 4836 ( 808) PnkBstrA.exe
size: 75064
PID: 4852 ( 808) PnkBstrB.exe
size: 218808
PID: 4864 ( 808) svchost.exe
size: 21504
PID: 4888 ( 808) RichVideo.exe
PID: 4988 ( 808) nvSCPAPISvr.exe
PID: 5040 ( 808) svchost.exe
size: 21504
PID: 5092 ( 808) svchost.exe
size: 21504
PID: 4008 ( 808) SearchIndexer.exe
size: 441344
PID: 4280 (1416) WUDFHost.exe
PID: 4456 ( 808) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 5204 (2656) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 239104
MD5: B6A7E7F43234BFA6A8E6CC4110CB9448
PID: 5360 ( 808) wmpnetwk.exe
PID: 5704 ( 808) svchost.exe
size: 21504
PID: 4388 (1428) C:\Windows\System32\wuauclt.exe
PID: 5972 ( 728) C:\Windows\notepad.exe
size: 169472
MD5: 27336F3CC6B3B53043D0666AC0CA4A7F
PID: 5212 ( 728) C:\Windows\notepad.exe
size: 169472
MD5: 27336F3CC6B3B53043D0666AC0CA4A7F


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 16-08-2010 23:18:52

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP TCPv6-tjenesteudbyder
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP-tjenesteudbyder
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6-tjenesteudbyder
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP-tjenesteudbyder
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Namespace Provider 0: @%SystemRoot%\system32\nlasvc.dll,-1000
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\system32\NLAapi.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: Shim-provider til e-mail-navngivning
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: Provider til navneområde for PNRP-sky
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: Provider til navneområde for PNRP-navne
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Blade81
2010-08-17, 06:55
Hi again,

Let's run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following


:OTL
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
:Reg
[-HKEY_CLASSES_ROOT\TypeLib\{C20EE2D6-81C3-6A08-79C5-1989DA43BC19}]
:Commands
[purity]


Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 21 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report & a fresh OTL.txt log.

Cnopsen
2010-08-17, 12:01
OTL log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\TypeLib\{C20EE2D6-81C3-6A08-79C5-1989DA43BC19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C20EE2D6-81C3-6A08-79C5-1989DA43BC19}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.10.0 log created on 08172010_103736

could only find one version of Java, removed it and installed the new
ran the ATF

but when it came to the Kaspersky scan I ran into a problem. I got the errors:

1. Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program.
You must be online to update the Kaspersky Online Scanner 7.0 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7.0. [ERROR: Key is expired]

2. Starting Java applet has failed! Please go online to use this program.

don't know what to do about that

Cnopsen
2010-08-17, 12:47
I just ran a Spybot S&D scan and it did not find any threats
and about the OTL I assumed I should scan the same as told me before :)
here is the log

OTL logfile created on: 17-08-2010 12:43:03 - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Jacob\Documents
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 73,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 366,72 Gb Total Space | 93,90 Gb Free Space | 25,60% Space Free | Partition Type: NTFS
Drive D: | 550,13 Gb Total Space | 531,01 Gb Free Space | 96,52% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465,76 Gb Total Space | 442,43 Gb Free Space | 94,99% Space Free | Partition Type: NTFS

Computer Name: JACOB-PC
Current User Name: Jacob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Jacob\Dokumenter\OTL.exe File not found
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: <Company name>)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe (Popwire AB)
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Users\Jacob\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe ()
PRC - C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe (North Star com.)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)


========== Modules (SafeList) ==========

MOD - C:\Users\Jacob\Dokumenter\OTL.exe File not found
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programmer\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (btwdins) -- C:\Programmer\ASUS\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (btaudio) -- C:\Windows\SysNative\drivers\btaudio.sys (Broadcom Corporation.)
DRV:64bit: - (BTKRNL) -- C:\Windows\SysNative\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV:64bit: - (BTWUSB) -- C:\Windows\SysNative\Drivers\btwusb.sys (Broadcom Corporation.)
DRV:64bit: - (BTWDNDIS) -- C:\Windows\SysNative\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV:64bit: - (btwhid) -- C:\Windows\SysNative\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV:64bit: - (BTDriver) -- C:\Windows\SysNative\DRIVERS\btport.sys (Broadcom Corporation.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=1&o=vp64&d=0709&m=aspire_m7720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.dk/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.906.030.002
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010-05-24 23:06:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010-08-11 23:40:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010-08-11 23:41:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-07-25 22:39:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-08-17 10:43:04 | 000,000,000 | ---D | M]

[2009-07-13 19:43:21 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Mozilla\Extensions
[2010-08-17 10:53:31 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\lcaj1ta1.default\extensions
[2010-07-01 16:38:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\lcaj1ta1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-08-05 23:34:07 | 000,000,000 | ---D | M] -- C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\lcaj1ta1.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009-09-14 23:04:09 | 000,002,171 | ---- | M] () -- C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\lcaj1ta1.default\searchplugins\bing.xml
[2010-08-17 12:39:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010-08-17 12:08:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-08-17 12:08:07 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010-06-29 11:48:50 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2010-06-29 11:48:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml
[2010-06-29 11:48:51 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-dk.xml

O1 HOSTS File: ([2010-04-25 18:39:18 | 000,392,729 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13565 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programmer\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Lau File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [EPSON SX110 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATIFBE.EXE File not found
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Jacob\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jacob\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8:64bit: - Extra context menu item: Send to &Bluetooth Device... - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send To Bluetooth - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\ASUS\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ff22b79-6fce-11de-bd4e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1ff22b79-6fce-11de-bd4e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRunCD.exe -- File not found
O33 - MountPoints2\{4766e5c0-a84a-11df-9a1f-002268643327}\Shell - "" = AutoRun
O33 - MountPoints2\{4766e5c0-a84a-11df-9a1f-002268643327}\Shell\AutoRun\command - "" = K:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010-08-17 12:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010-08-17 12:08:13 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-08-17 12:08:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-08-17 12:08:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010-08-17 12:07:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-08-17 10:53:46 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Jacob\Documents\ATF-Cleaner.exe
[2010-08-17 10:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-08-17 10:43:04 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-08-17 10:40:34 | 016,062,240 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Jacob\Documents\jre-6u21-windows-i586.exe
[2010-08-17 10:37:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-08-16 22:27:24 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010-08-16 22:27:24 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010-08-16 22:27:14 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010-08-16 22:26:54 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010-08-16 22:26:45 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010-08-16 22:26:44 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010-08-16 22:26:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010-08-16 22:26:44 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010-08-16 22:26:44 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010-08-16 22:26:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010-08-16 22:26:43 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010-08-16 22:26:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010-08-16 22:26:43 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010-08-16 22:26:43 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010-08-16 22:26:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010-08-16 22:26:43 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010-08-16 22:26:43 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010-08-16 22:26:43 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010-08-16 22:26:43 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010-08-16 22:26:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010-08-16 22:26:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010-08-16 22:26:43 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010-08-16 22:26:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010-08-16 22:26:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010-08-16 22:26:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010-08-16 22:26:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010-08-16 22:26:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010-08-16 22:11:44 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jacob\Documents\OTL.exe
[2010-08-14 17:48:21 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Documents\skole
[2010-08-14 11:32:40 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\NFS Underground 2
[2010-08-12 11:31:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-08-12 11:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010-08-12 11:30:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jacob\Documents\erunt-setup.exe
[2010-08-12 00:51:31 | 007,002,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010-08-12 00:51:31 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010-08-12 00:51:31 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010-08-12 00:51:29 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010-08-12 00:51:27 | 009,818,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010-08-12 00:51:27 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010-08-12 00:51:27 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010-08-12 00:51:26 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010-08-12 00:51:26 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010-08-12 00:51:25 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010-08-12 00:51:25 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1922.dll
[2010-08-12 00:51:25 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010-08-12 00:48:34 | 160,870,672 | ---- | C] (NVIDIA Corporation) -- C:\Users\Jacob\Documents\258.96_desktop_win7_winvista_64bit_international_whql.exe
[2010-08-12 00:31:28 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Local\AVG Security Toolbar
[2010-08-11 23:41:28 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010-08-11 23:41:26 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010-08-11 23:41:24 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010-08-11 23:41:22 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010-08-11 23:41:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010-08-11 23:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010-08-11 23:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010-08-11 23:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010-08-11 21:22:34 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Users\Jacob\Documents\ccsetup234.exe
[2010-08-11 21:20:59 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Users\Jacob\Documents\avg_free_stb_all_9_115_cnet(2).exe
[2010-08-11 21:19:53 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Users\Jacob\Documents\avg_free_stb_all_9_115_cnet.exe
[2010-08-09 20:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010-08-09 20:33:18 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010-08-09 20:33:18 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010-08-09 20:33:16 | 019,114,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010-08-09 20:33:11 | 003,089,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010-08-09 20:33:09 | 006,116,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010-08-09 20:33:09 | 002,761,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010-08-09 20:33:06 | 014,513,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010-08-09 20:27:58 | 128,203,752 | ---- | C] (NVIDIA Corporation) -- C:\Users\Jacob\Documents\258.96_desktop_win7_winvista_64bit_english_whql.exe
[2010-08-09 20:26:15 | 041,586,672 | ---- | C] (Intel Corporation) -- C:\Users\Jacob\Documents\Win7Vista_64_15179.exe
[2010-08-09 20:14:56 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Documents\AHCI_Intel_8.5.0.1032_Vistax64
[2010-08-09 20:14:04 | 000,000,000 | ---D | C] -- C:\Users\Jacob\Documents\Chipset_Intel_9.1.0.1007_Vistax64
[2010-07-27 14:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2010-07-22 18:10:51 | 000,000,000 | ---D | C] -- C:\Users\Jacob\AppData\Roaming\Ubisoft
[2009-02-12 03:06:15 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Jacob\Documents\*.tmp files -> C:\Users\Jacob\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-08-17 12:41:51 | 007,340,032 | -HS- | M] () -- C:\Users\Jacob\ntuser.dat
[2010-08-17 12:32:16 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-08-17 12:08:07 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-08-17 12:08:07 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-08-17 12:08:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-08-17 12:08:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010-08-17 11:35:09 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-08-17 11:35:09 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-08-17 10:53:51 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Jacob\Documents\ATF-Cleaner.exe
[2010-08-17 10:50:41 | 000,084,013 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010-08-17 10:50:41 | 000,084,013 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010-08-17 10:50:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010-08-17 10:50:19 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-08-17 10:50:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-08-17 10:50:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-08-17 10:48:49 | 000,524,288 | -HS- | M] () -- C:\Users\Jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TMContainer00000000000000000001.regtrans-ms
[2010-08-17 10:48:49 | 000,065,536 | -HS- | M] () -- C:\Users\Jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TM.blf
[2010-08-17 10:48:23 | 004,251,743 | -H-- | M] () -- C:\Users\Jacob\AppData\Local\IconCache.db
[2010-08-17 10:40:50 | 016,062,240 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Jacob\Documents\jre-6u21-windows-i586.exe
[2010-08-17 10:40:34 | 063,535,211 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010-08-17 10:34:16 | 000,380,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-08-17 00:51:10 | 001,303,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-08-17 00:51:10 | 001,296,634 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2010-08-17 00:51:10 | 000,926,870 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-08-17 00:51:10 | 000,387,468 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-08-17 00:51:10 | 000,376,206 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2010-08-16 22:55:04 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2010-08-16 22:11:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jacob\Documents\OTL.exe
[2010-08-15 21:13:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010-08-14 18:20:57 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
[2010-08-14 17:45:53 | 000,016,384 | ---- | M] () -- C:\Users\Jacob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-08-12 13:14:24 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010-08-12 11:52:36 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010-08-12 11:30:42 | 000,000,947 | ---- | M] () -- C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010-08-12 11:30:10 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jacob\Documents\erunt-setup.exe
[2010-08-12 00:51:11 | 160,870,672 | ---- | M] (NVIDIA Corporation) -- C:\Users\Jacob\Documents\258.96_desktop_win7_winvista_64bit_international_whql.exe
[2010-08-12 00:47:00 | 000,102,824 | ---- | M] () -- C:\Users\Jacob\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-08-12 00:44:03 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
[2010-08-12 00:35:35 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2010-08-11 23:41:29 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010-08-11 23:41:29 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010-08-11 23:41:27 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010-08-11 23:41:24 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010-08-11 23:41:23 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010-08-11 23:41:22 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010-08-11 21:22:40 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Users\Jacob\Documents\ccsetup234.exe
[2010-08-11 21:20:59 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Users\Jacob\Documents\avg_free_stb_all_9_115_cnet(2).exe
[2010-08-11 21:19:55 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Users\Jacob\Documents\avg_free_stb_all_9_115_cnet.exe
[2010-08-11 21:11:24 | 001,704,384 | ---- | M] () -- C:\Users\Jacob\Documents\FrontlineRegCleanerSetup.exe
[2010-08-11 20:55:51 | 000,524,288 | -HS- | M] () -- C:\Users\Jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TMContainer00000000000000000002.regtrans-ms
[2010-08-11 09:51:50 | 000,524,288 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010-08-11 09:51:50 | 000,065,536 | -HS- | M] () -- C:\Users\Jacob\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010-08-09 20:32:18 | 001,205,760 | ---- | M] () -- C:\Users\Jacob\Documents\pidenu24.msi
[2010-08-09 20:30:06 | 128,203,752 | ---- | M] (NVIDIA Corporation) -- C:\Users\Jacob\Documents\258.96_desktop_win7_winvista_64bit_english_whql.exe
[2010-08-09 20:26:56 | 041,586,672 | ---- | M] (Intel Corporation) -- C:\Users\Jacob\Documents\Win7Vista_64_15179.exe
[2010-08-09 20:16:20 | 106,367,079 | ---- | M] () -- C:\Users\Jacob\Documents\VGA_ATI_8.533.0.0000_Vistax64_A.zip
[2010-08-09 20:12:00 | 000,237,922 | ---- | M] () -- C:\Users\Jacob\Documents\AHCI_Intel_8.5.0.1032_Vistax64_A.zip
[2010-08-09 20:11:43 | 005,340,072 | ---- | M] () -- C:\Users\Jacob\Documents\Chipset_Intel_9.1.0.1007_Vistax64_A.zip
[2010-07-27 14:12:19 | 003,229,726 | ---- | M] () -- C:\Users\Jacob\Documents\YouTubeDownloaderSetup257.exe
[2010-07-20 15:35:55 | 000,002,411 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-07-20 01:41:53 | 000,005,907 | ---- | M] () -- C:\Users\Jacob\Documents\SpamThrottle_1.4.zip
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Jacob\Documents\*.tmp files -> C:\Users\Jacob\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-08-15 11:22:21 | 000,171,136 | RHS- | C] () -- C:\grldr
[2010-08-14 18:20:57 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
[2010-08-12 11:30:42 | 000,000,947 | ---- | C] () -- C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010-08-12 00:44:03 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk
[2010-08-12 00:35:35 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Age of Mythology.lnk
[2010-08-11 23:41:29 | 000,001,693 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010-08-11 23:41:22 | 063,535,211 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010-08-11 23:41:22 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010-08-11 21:11:22 | 001,704,384 | ---- | C] () -- C:\Users\Jacob\Documents\FrontlineRegCleanerSetup.exe
[2010-08-11 20:53:13 | 000,524,288 | -HS- | C] () -- C:\Users\Jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TMContainer00000000000000000002.regtrans-ms
[2010-08-11 20:53:13 | 000,524,288 | -HS- | C] () -- C:\Users\Jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TMContainer00000000000000000001.regtrans-ms
[2010-08-11 20:53:13 | 000,065,536 | -HS- | C] () -- C:\Users\Jacob\ntuser.dat{96f03b22-a579-11df-ae58-002268643327}.TM.blf
[2010-08-09 20:32:11 | 001,205,760 | ---- | C] () -- C:\Users\Jacob\Documents\pidenu24.msi
[2010-08-09 20:12:00 | 000,237,922 | ---- | C] () -- C:\Users\Jacob\Documents\AHCI_Intel_8.5.0.1032_Vistax64_A.zip
[2010-08-09 20:11:54 | 106,367,079 | ---- | C] () -- C:\Users\Jacob\Documents\VGA_ATI_8.533.0.0000_Vistax64_A.zip
[2010-08-09 20:11:31 | 005,340,072 | ---- | C] () -- C:\Users\Jacob\Documents\Chipset_Intel_9.1.0.1007_Vistax64_A.zip
[2010-07-27 14:12:14 | 003,229,726 | ---- | C] () -- C:\Users\Jacob\Documents\YouTubeDownloaderSetup257.exe
[2010-07-20 01:41:52 | 000,005,907 | ---- | C] () -- C:\Users\Jacob\Documents\SpamThrottle_1.4.zip
[2010-07-14 00:31:26 | 000,000,680 | ---- | C] () -- C:\Users\Jacob\AppData\Local\d3d9caps.dat
[2010-07-14 00:30:16 | 000,000,732 | ---- | C] () -- C:\Users\Jacob\AppData\Local\d3d9caps64.dat
[2010-06-18 17:00:20 | 000,434,176 | ---- | C] () -- C:\Users\Jacob\AppData\Local\dd_vcredistMSI0A85.txt
[2010-06-18 17:00:19 | 000,026,398 | ---- | C] () -- C:\Users\Jacob\AppData\Local\dd_vcredistUI0A85.txt
[2010-05-28 23:38:20 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010-05-27 22:50:28 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010-05-01 18:20:09 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010-04-02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010-03-30 23:54:23 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010-03-14 15:13:33 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010-03-06 17:11:26 | 000,084,013 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010-03-06 17:09:59 | 000,084,013 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010-01-27 16:31:17 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-01-27 16:31:17 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009-09-24 12:17:54 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009-09-24 12:17:17 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-09-16 21:45:16 | 000,000,140 | ---- | C] () -- C:\Users\Jacob\AppData\Roaming\wklnhst.dat
[2009-07-21 03:56:01 | 000,016,384 | ---- | C] () -- C:\Users\Jacob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-07-15 00:58:49 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009-07-13 19:46:44 | 001,413,426 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009-07-13 19:23:15 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2009-07-13 19:23:15 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008-02-05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Users\Jacob\AppData\Local\setup.txt
[2008-01-21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009-07-14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010-08-15 21:13:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009-08-04 13:26:38 | 000,000,216 | ---- | M] () -- C:\DebugTrace-RockallDLL.log
[2009-08-02 10:59:51 | 000,171,136 | RHS- | M] () -- C:\grldr
[2010-08-17 10:49:49 | 304,353,278 | -HS- | M] () -- C:\pagefile.sys
[2009-02-11 19:52:03 | 000,000,787 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006-11-02 17:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006-11-02 17:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006-11-02 17:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009-09-27 22:48:42 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006-09-18 23:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2006-10-19 10:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr
[2006-10-19 10:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr
[2009-07-10 13:16:32 | 000,307,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008-01-21 05:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F3176E45
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:793F316E
< End of report >

Blade81
2010-08-17, 13:24
Hi,

Let's run ESET scanner instead:
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish. Post back the results.

Cnopsen
2010-08-17, 19:26
So I ran the ESET scan and it found:
-Win32/Bagle.gen.zip worm
-win32/Bagle.gen.zip worm
-Win32/Bagle.gen.zip worm
-INF/Autorun.gen trojan

and here are the results

C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf INF/Autorun.gen trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinFraudLoadedt2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinFraudLoadedt2.zip Win32/Bagle.gen.zip worm
J:\Users\All Users\Spybot - Search & Destroy\Recovery\WinFraudLoadedt2.zip Win32/Bagle.gen.zip worm

Blade81
2010-08-17, 20:41
Hi,

Delete those four findings. Any issues left?

Cnopsen
2010-08-17, 21:24
Files have been deleted, though there were a lot of other files like WinFraudLoadedt1.zip and WinFraudLoadedt3.zip. Want me to do anything with them?
Anyway, the PC seems to be running fine, no crashes / being slow, so it looks like you killed it :D
Thank you so much for helping me with it :thanks:

Blade81
2010-08-18, 06:35
You're welcome :)

Please find some final steps below.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling System Restore, but in step 6 check any checkboxes listed for your hard drives.



Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed: (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen)
Click Run
In the dialog box, type services.msc
Hit Enter, then locate DNS Client
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
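
The six Internet-zone settings listed in the post above are stored as numbered values in the registry, so they can be checked without clicking through the dialog. The read-only audit below is an added example, not part of the original post; the function name Get-InternetZoneAudit is made up here, and the registry paths and numeric IDs are the standard Internet Explorer security-zone locations and URL-action codes for zone 3 (Internet).

```powershell
# Added example: read-only audit of the IE Internet zone (zone 3) against the
# six settings recommended in the post above. It changes nothing.
# Zone values: 0 = Enable, 1 = Prompt, 3 = Disable.
$valueNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL-action IDs for the six settings, with the value the post asks for.
$recommended = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls';                 Want = 1 },
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls';               Want = 3 },
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX not marked as safe'; Want = 3 },
    @{ Id = '1800'; Setting = 'Installation of desktop items';                    Want = 1 },
    @{ Id = '1804'; Setting = 'Launching programs and files in an IFRAME';        Want = 1 },
    @{ Id = '1607'; Setting = 'Navigate sub-frames across different domains';     Want = 1 }
)

# Places the value can live: policy keys (machine and user) and the per-user
# key that the Custom Level dialog writes.
$locations = @(
    @{ Scope = 'Machine policy'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' },
    @{ Scope = 'User policy';    Path = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' },
    @{ Scope = 'User setting';   Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' }
)

function Get-InternetZoneAudit {
    foreach ($rule in $recommended) {
        $found = $false
        foreach ($loc in $locations) {
            $item = Get-ItemProperty -Path $loc.Path -Name $rule.Id -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }      # key or value absent in this location
            $found = $true
            $current = [int]$item.($rule.Id)
            $label = $valueNames[$current]
            if ($null -eq $label) { $label = "Other ($current)" }
            New-Object PSObject -Property @{
                Setting = $rule.Setting
                Scope   = $loc.Scope
                Current = $label
                Wanted  = $valueNames[$rule.Want]
                Ok      = ($current -eq $rule.Want)
            }
        }
        if (-not $found) {
            # Value not set in any checked location: report it rather than guess.
            New-Object PSObject -Property @{
                Setting = $rule.Setting
                Scope   = 'not set'
                Current = 'n/a'
                Wanted  = $valueNames[$rule.Want]
                Ok      = $false
            }
        }
    }
}

Get-InternetZoneAudit |
    Select-Object Setting, Scope, Current, Wanted, Ok |
    Format-Table -AutoSize
```

A row under a policy scope means the setting is managed centrally, so changing it in the Custom Level dialog may not take effect.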

Blade81
2010-08-24, 21:18
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.