alureon.gen u & rootkit

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: alureon.gen u & rootkit

by Adamskyy » November 30th, 2009, 10:21 am

File 5
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

by Adamskyy » November 30th, 2009, 10:23 am

File 6
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

by Adamskyy » November 30th, 2009, 10:24 am

File 7
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

by Adamskyy » November 30th, 2009, 10:25 am

File 8
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

by Adamskyy » November 30th, 2009, 10:27 am

File 9
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

by Adamskyy » November 30th, 2009, 10:27 am

File 10
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

by Adamskyy » November 30th, 2009, 10:28 am

File 11
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

by Adamskyy » November 30th, 2009, 10:29 am

File 12

Sorry that took so many replies :(
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

by Jack&Jill » December 1st, 2009, 9:33 am

Hello Adamskyy :),

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please download ComboFix© by sUBs from one of the links below and save it as AdamskyyCF.exe to your desktop.

Link 1
Link 2

Run ComboFix
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here.
  • Double click on AdamskyyCF.exe and follow the prompts.
  • When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
  • If you lose Internet connection after running ComboFix, unplug the cable you use to connect to the Internet and plug it back in.
  • Re-enable your security software as soon as you have completed the ComboFix steps.

Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.

A detailed step by step tutorial to run ComboFix can be found here if you need help.

Please post back:
1. the ComboFix log
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: alureon.gen u & rootkit

by Adamskyy » December 1st, 2009, 10:02 am

ComboFix log
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm

Re: alureon.gen u & rootkit

by Jack&Jill » December 2nd, 2009, 8:17 pm

Hello Adamskyy :),

Please post all the logs or reports that I request by copying and pasting them into the text box. Do not attach them unless I ask you to.

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

You have Malwarebytes' Anti-Malware (MBAM) on your machine. I wish to take a look at the most recent log file. Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post the contents back here.

Please rerun OTL and post back both the logs.

Please download SysProt AntiRootkit© by swatkat and save it to your desktop. Click here.
  • Scroll down to the bottom of the page and click on SysProt.zip under the Attachments section to save the file.
  • Unzip it into a folder on your desktop and enter it, then double click on SysProt.exe to start the program.
  • Go to the Log tab and check (tick) all items listed in the Write to log box.
  • Check Hidden Objects Only at the bottom of the window too.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear. Select Scan root drive only and click Start.
  • When completed, you will be prompted showing the location of SysProtLog.txt, which is the same folder SysProt.exe was extracted to. Post the contents of the log in your reply.

Please post back:
1. the recent MBAM report
2. both the OTL logs
3. SysProt result
4. how is the computer now?
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: alureon.gen u & rootkit

by Adamskyy » December 3rd, 2009, 6:52 am

1. I system restored a while back which removed Malwarebytes :s
2. Below
3. SysProt keeps causing my computer to blue screen :?
4. The files tdlcmd and tdlclk are still there :|

OTL logfile created on: 03/12/2009 10:50:54 - Run 2
OTL by OldTimer - Version 3.1.11.1 Folder = C:\Users\adam\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 81.29% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.15 Gb Total Space | 88.24 Gb Free Space | 63.41% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 47.63 Gb Free Space | 63.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 142.94 Gb Total Space | 142.84 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 614.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: ADAM
Current User Name: adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 60 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/28 10:39:25 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe
PRC - [2009/11/19 19:30:32 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/19 19:30:31 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/19 19:30:31 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/19 19:30:31 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/19 19:30:31 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/19 19:30:31 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/19 19:30:17 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/19 19:30:17 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/19 18:53:17 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/06 13:41:56 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/02 14:27:36 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/09/02 14:27:36 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/03 19:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 17:57:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/10/29 06:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/01 19:44:00 | 00,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/10/01 19:43:56 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/09/23 22:11:34 | 00,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/07/30 01:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/30 01:52:50 | 00,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/06/13 04:17:38 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2008/05/21 01:50:50 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/03/26 05:21:30 | 05,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/29 20:25:10 | 00,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 20:24:46 | 00,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
PRC - [2008/01/21 02:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 02:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/21 02:24:54 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/01/21 02:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2005/01/29 01:09:42 | 00,876,649 | ---- | M] (BT Voyager Corporation) -- C:\Windows\System32\bcmwltry.exe
PRC - [2005/01/29 01:09:42 | 00,696,422 | ---- | M] (BT Voyager Corporation) -- C:\Windows\System32\wltray.exe
PRC - [2005/01/19 10:01:22 | 00,065,536 | ---- | M] () -- C:\Windows\System32\wltrysvc.exe


========== Modules (SafeList) ==========

MOD - [2009/11/28 10:39:25 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe
MOD - [2008/11/27 04:35:06 | 01,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
MOD - [2008/08/28 03:37:46 | 00,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2008/07/30 01:52:40 | 00,240,176 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
MOD - [2008/07/30 01:52:34 | 00,121,392 | ---- | M] (Egis Inc.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
MOD - [2008/01/21 02:23:54 | 00,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2008/01/21 02:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0201691259589367mcinstcleanup) McAfee Application Installer Cleanup (0201691259589367)
SRV - [2009/11/19 19:30:17 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/19 19:30:17 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/08 17:57:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/10/01 19:43:56 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/09/23 22:11:34 | 00,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/09/23 22:11:32 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/07/30 01:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/03 05:51:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2008/06/13 04:17:38 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/05/21 01:50:50 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/29 20:25:10 | 00,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 20:24:46 | 00,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/01/21 02:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/24 11:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/01/19 10:01:22 | 00,065,536 | ---- | M] () -- C:\Windows\System32\wltrysvc.exe -- (wltrysvc)
SRV - [2002/12/17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2009/11/19 19:30:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/19 19:30:34 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/19 19:30:34 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/21 17:37:49 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/10/03 17:26:12 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\Windows\System32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/09/28 02:02:42 | 00,016,472 | ---- | M] () -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/30 22:03:08 | 06,754,712 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009/04/06 12:19:46 | 00,023,064 | ---- | M] (Screaming Bee LLC) -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2008/12/10 15:56:26 | 00,017,792 | ---- | M] (Avnex) -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/12/08 17:57:00 | 07,391,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/01 18:04:16 | 00,012,832 | ---- | M] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/07/30 01:53:12 | 00,060,464 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/07/30 01:53:10 | 00,018,992 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/07/30 01:53:10 | 00,016,944 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/03/26 10:35:54 | 02,103,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/22 15:18:44 | 00,043,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/01/30 09:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 09:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/29 05:55:00 | 01,042,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 12:02:02 | 00,140,832 | ---- | M] () -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/01/21 02:24:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/01/21 02:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 02:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/12 08:53:10 | 00,013,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/09/25 14:59:46 | 00,015,152 | ---- | M] () -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2005/12/21 10:14:52 | 00,019,712 | ---- | M] (Pinnacle Systems, Inc.) -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/06/02 19:28:38 | 00,171,008 | ---- | M] (Pinnacle Systems GmbH) -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_x3200

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_x3200
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://facebook.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: {fffe0eac-3819-4561-8aa9-178a68450d4f}:1.9
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/19 19:30:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/19 18:53:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/26 09:54:10 | 00,000,000 | ---D | M]

[2009/10/17 15:50:04 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
[2009/10/17 15:50:04 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\contact@callgraph.in
[2009/12/02 15:02:52 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\extensions
[2009/11/02 19:03:08 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2009/11/14 16:37:40 | 00,002,653 | ---- | M] () -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\searchplugins\kickasstorrents.xml
[2009/12/03 10:42:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 23:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2009/11/19 18:53:20 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/19 18:53:20 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/19 18:53:21 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/19 18:53:21 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [wltray.exe] C:\Windows\System32\wltray.exe (BT Voyager Corporation)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/01/12 14:29:16 | 00,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 60 Days ==========

[2009/12/03 10:30:11 | 00,000,000 | ---D | C] -- C:\Users\adam\Desktop\SysProt
[2009/12/01 19:47:26 | 00,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2009/12/01 13:38:01 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/12/01 13:38:01 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/12/01 13:38:01 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/12/01 13:38:01 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/12/01 13:37:48 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/01 13:37:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/30 14:30:34 | 00,000,000 | ---D | C] -- C:\Users\adam\Desktop\Alureon stuff
[2009/11/30 14:02:19 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/28 23:14:01 | 00,000,000 | ---D | C] -- C:\temp
[2009/11/28 23:14:01 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\Pinnacle
[2009/11/28 23:13:49 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\InstantCDDVD
[2009/11/28 23:13:15 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Pinnacle
[2009/11/28 23:06:42 | 00,233,472 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\DiskIO.dll
[2009/11/28 23:06:42 | 00,184,320 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\RALMain.dll
[2009/11/28 23:06:42 | 00,073,728 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\MMAviAx.dll
[2009/11/28 23:06:41 | 00,126,976 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\AVIPrAx.dll
[2009/11/28 23:06:41 | 00,039,936 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\CacheX.dll
[2009/11/28 23:06:41 | 00,032,768 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\MLPagAx.dll
[2009/11/28 23:04:03 | 00,171,008 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\drivers\MarvinBus.sys
[2009/11/28 23:02:13 | 00,019,712 | ---- | C] (Pinnacle Systems, Inc.) -- C:\Windows\System32\drivers\emAudio.sys
[2009/11/28 23:01:17 | 00,930,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltr13n.dll
[2009/11/28 23:01:17 | 00,306,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltrio13n.dll
[2009/11/28 23:01:16 | 02,079,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTCLR13s.dll
[2009/11/28 23:01:16 | 01,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTCLR13n.dll
[2009/11/28 23:01:16 | 01,013,248 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltwvc13n.dll
[2009/11/28 23:01:16 | 00,884,736 | ---- | C] (Fellowes, Inc.) -- C:\Windows\System32\LMUIRes.dll
[2009/11/28 23:01:16 | 00,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltkrn13n.dll
[2009/11/28 23:01:16 | 00,409,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP13s.DLL
[2009/11/28 23:01:16 | 00,393,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP13n.DLL
[2009/11/28 23:01:16 | 00,153,088 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltfil13n.DLL
[2009/11/28 23:01:16 | 00,110,080 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpsd13s.dll
[2009/11/28 23:01:16 | 00,070,144 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp13s.dll
[2009/11/28 23:01:16 | 00,064,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga13s.dll
[2009/11/28 23:01:16 | 00,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp13n.dll
[2009/11/28 23:01:16 | 00,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga13n.dll
[2009/11/28 23:01:16 | 00,012,288 | ---- | C] (Fellowes, Inc.) -- C:\Windows\System32\LMLRes.dll
[2009/11/28 23:00:59 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVCP70.DLL
[2009/11/28 23:00:59 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ATL70.DLL
[2009/11/28 22:59:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2009/11/28 22:59:33 | 00,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2009/11/28 22:59:11 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\InstallShield
[2009/11/28 10:38:13 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/11/28 10:37:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/11/26 09:59:24 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/25 11:27:14 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/11/24 12:09:13 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Temporary Projects
[2009/11/24 11:49:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2009/11/23 21:47:12 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/11/23 21:46:07 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\Visual Studio 2008
[2009/11/23 21:45:55 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Microsoft Help
[2009/11/23 21:43:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/11/23 21:43:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/11/21 10:46:42 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\ImgBurn
[2009/11/21 10:36:44 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/11/19 19:30:40 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/19 19:30:38 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/19 19:30:38 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/19 19:30:34 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/19 19:30:34 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/19 19:30:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/11/19 19:30:17 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/19 19:30:16 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/19 18:40:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/11/19 17:58:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/19 16:36:44 | 02,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/19 16:35:38 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/18 21:06:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/18 21:06:21 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/18 20:45:38 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Malwarebytes
[2009/11/18 20:45:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/18 20:45:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/15 20:29:43 | 00,000,000 | ---D | C] -- C:\Program Files\Quantum
[2009/11/13 13:33:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/11/11 13:53:14 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\LogiShrd
[2009/11/11 13:52:41 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2009/11/11 13:49:36 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2009/11/11 13:49:35 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/11/11 11:28:09 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/11 11:28:09 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi(543).dll
[2009/11/09 22:03:10 | 00,000,000 | ---D | C] -- C:\Program Files\Web Site Change Monitor
[2009/11/06 20:26:40 | 00,000,000 | ---D | C] -- C:\Games
[2009/11/02 16:28:54 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/11/01 16:28:02 | 00,000,000 | ---D | C] -- C:\.jagex_cache_32
[2009/10/28 09:38:04 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/28 09:38:03 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/10/28 09:38:02 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/10/28 09:38:02 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/10/28 09:38:01 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/25 12:10:26 | 00,000,000 | ---D | C] -- C:\Windows\.jagex_cache_32
[2009/10/25 12:07:14 | 00,000,000 | ---D | C] -- C:\ProgramData\SwiftKit
[2009/10/25 12:07:12 | 00,000,000 | ---D | C] -- C:\Program Files\SwiftKit
[2009/10/23 14:08:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/10/23 14:08:43 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/10/22 09:57:12 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/10/22 09:57:11 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/22 09:57:11 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/22 09:57:10 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/10/22 09:57:10 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/10/22 09:57:10 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/10/22 09:57:10 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/10/22 09:57:09 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/10/22 09:57:09 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/21 18:24:59 | 00,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2009/10/21 17:40:54 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\ConvertXtoDVD
[2009/10/21 17:37:49 | 00,047,360 | ---- | C] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
[2009/10/21 17:37:49 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Adam\AppData\Roaming\pcouffin.sys
[2009/10/21 17:37:48 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Vso
[2009/10/21 17:37:48 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\PcSetup
[2009/10/21 17:37:41 | 00,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\Pncrt.dll
[2009/10/21 17:37:41 | 00,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll
[2009/10/21 17:37:41 | 00,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll
[2009/10/21 17:37:41 | 00,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll
[2009/10/21 17:37:41 | 00,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll
[2009/10/21 17:37:41 | 00,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll
[2009/10/21 17:37:40 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2009/10/21 17:37:40 | 00,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2009/10/21 17:37:38 | 00,000,000 | ---D | C] -- C:\Program Files\VSO
[2009/10/21 13:14:45 | 00,000,000 | ---D | C] -- C:\Users\adam\Chelsea
[2009/10/20 17:22:41 | 00,000,000 | ---D | C] -- C:\DVDTemp
[2009/10/20 17:21:57 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2009/10/20 17:21:56 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009/10/20 17:21:37 | 00,000,000 | ---D | C] -- C:\Program Files\Free DVD Creator
[2009/10/20 17:14:13 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Broad Intelligence
[2009/10/20 17:13:43 | 00,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2009/10/20 17:08:02 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\OJOsoft Corporation
[2009/10/17 16:10:30 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\Pamela
[2009/10/17 16:10:16 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Pamela
[2009/10/17 16:10:14 | 00,155,136 | ---- | C] (Scendix Software GmbH) -- C:\Windows\System32\RemoteControl.dll
[2009/10/17 16:10:13 | 00,000,000 | ---D | C] -- C:\Program Files\Pamela
[2009/10/17 16:02:41 | 00,000,000 | ---D | C] -- C:\Program Files\HotRecorder
[2009/10/17 15:50:02 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Sedna Wireless
[2009/10/17 15:50:02 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Sedna Wireless
[2009/10/17 15:49:55 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\My Call Graphs
[2009/10/17 15:48:30 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Call Graph
[2009/10/17 15:48:30 | 00,000,000 | ---D | C] -- C:\Program Files\Call Graph
[2009/10/16 13:17:41 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/16 13:17:41 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/16 13:17:11 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/10/16 13:16:49 | 00,763,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDTVVDEC.DLL
[2009/10/16 13:16:49 | 00,711,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2009/10/16 13:16:49 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2009/10/16 13:16:47 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/14 21:24:33 | 00,000,000 | ---D | C] -- C:\Program Files\Acez Mp3 Wav Converter
[2009/10/14 21:03:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2009/10/13 13:06:32 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009/10/13 13:06:32 | 00,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2009/10/13 11:03:50 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Deployment
[2009/10/13 11:03:50 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Apps
[2009/10/12 14:19:54 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\vlc
[2009/10/12 14:18:07 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/10/11 21:20:40 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Screaming Bee
[2009/10/11 21:13:19 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\vEmotion Records
[2009/10/11 21:13:18 | 00,000,000 | ---D | C] -- C:\Program Files\freebird
[2009/10/11 21:02:32 | 00,000,000 | ---D | C] -- C:\AV_LOGS
[2009/10/11 21:02:00 | 00,017,792 | ---- | C] (Avnex) -- C:\Windows\System32\drivers\vcsvad.sys
[2009/10/11 10:23:53 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\My Widgets
[2009/10/11 10:23:29 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/10/08 15:00:35 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\Sony Media Libraries
[2009/10/08 15:00:34 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Publish Providers
[2009/10/08 15:00:17 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Sony
[2009/10/08 14:40:55 | 00,033,340 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbmsqlgc.dll
[2009/10/08 14:40:55 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbmsgnet.dll
[2009/10/08 14:40:46 | 00,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2009/10/08 14:40:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/10/08 14:39:36 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Sony
[2009/10/08 14:38:15 | 00,000,000 | ---D | C] -- C:\Program Files\Vstplugins
[2009/10/08 14:38:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony
[2009/10/08 14:37:54 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/10/08 14:35:35 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2009/10/08 13:30:11 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\skypePM
[2009/10/08 13:28:44 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Skype
[2009/10/08 13:27:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/10/08 13:27:32 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/10/08 13:21:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/10/06 13:43:12 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/10/06 13:42:20 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/06 13:42:20 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/06 13:42:20 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/06 13:41:51 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/10/06 12:28:39 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Acer Arcade Live
[2009/10/06 12:28:38 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\CyberLink
[2009/10/06 12:17:21 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Microsoft Games
[2009/10/05 21:34:41 | 00,000,000 | ---D | C] -- C:\Users\adam\Business
[2009/10/05 16:08:24 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009/10/04 16:55:09 | 00,000,000 | ---D | C] -- C:\Program Files\Convert AVI to MP4
[2009/01/09 16:51:34 | 00,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 60 Days ==========

[2009/12/03 10:51:25 | 02,097,152 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT
[2009/12/03 10:51:02 | 00,012,800 | ---- | M] () -- C:\Windows\System32\tdlclk.dll
[2009/12/03 10:47:25 | 00,717,234 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/03 10:47:25 | 00,617,772 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/03 10:47:25 | 00,113,132 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/03 10:43:04 | 00,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2009/12/03 10:41:20 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/12/03 10:41:17 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/03 10:41:17 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/03 10:41:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/03 10:40:57 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/03 10:40:48 | 29,511,63904 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/03 10:40:39 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009/12/03 10:28:38 | 46,090,958 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/03 10:28:22 | 00,111,793 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/02 21:33:50 | 00,524,288 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000001.regtrans-ms
[2009/12/02 21:33:50 | 00,065,536 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TM.blf
[2009/12/02 21:33:34 | 03,386,238 | -H-- | M] () -- C:\Users\adam\AppData\Local\IconCache.db
[2009/12/02 20:41:32 | 00,000,038 | ---- | M] () -- C:\Users\adam\jagex_runescape_preferences.dat
[2009/12/02 20:36:01 | 00,000,063 | ---- | M] () -- C:\Users\adam\jagex_runescape_preferences2.dat
[2009/12/01 13:55:35 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/01 13:36:59 | 03,573,627 | R--- | M] () -- C:\Users\adam\Desktop\AdamskyyCF.exe.exe
[2009/11/28 23:36:54 | 00,036,352 | ---- | M] () -- C:\Users\adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 23:11:00 | 00,079,904 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/11/28 23:09:20 | 00,315,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/25 16:49:05 | 00,001,558 | ---- | M] () -- C:\Users\Public\Desktop\Pool Sharks.lnk
[2009/11/21 10:36:48 | 00,001,654 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/11/20 14:20:30 | 00,000,049 | ---- | M] () -- C:\Windows\wininit.ini
[2009/11/19 19:30:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/19 19:30:38 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/19 19:30:38 | 00,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/11/19 19:30:34 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/19 19:30:34 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/19 19:30:34 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/19 19:30:33 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/19 19:30:33 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/19 17:58:35 | 00,001,878 | ---- | M] () -- C:\Users\adam\Desktop\HijackThis.lnk
[2009/11/19 16:16:50 | 00,008,224 | ---- | M] () -- C:\Users\adam\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/19 16:13:49 | 00,524,288 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000002.regtrans-ms
[2009/11/19 16:12:38 | 05,505,024 | -HS- | M] () -- C:\Users\adam\ntuser.dat_previous
[2009/11/19 16:12:37 | 00,524,288 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/19 16:12:37 | 00,065,536 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/11 14:04:58 | 00,134,158 | ---- | M] () -- C:\Users\adam\Documents\Driver Analysis for ADAM.html
[2009/11/08 20:50:59 | 00,035,840 | ---- | M] () -- C:\Users\adam\Desktop\Types of Business.doc
[2009/11/07 11:56:21 | 00,000,671 | ---- | M] () -- C:\Users\adam\AppData\Roaming\vso_ts_preview.xml
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/10/29 20:01:10 | 00,112,737 | ---- | M] () -- C:\Users\adam\Documents\Untitled.wma
[2009/10/29 19:35:57 | 00,144,056 | ---- | M] () -- C:\Users\adam\Documents\~emo_penguin~_29_10_2009@19_35_00.wav
[2009/10/29 19:32:10 | 00,227,256 | ---- | M] () -- C:\Users\adam\Documents\~emo_penguin~_29_10_2009@19_31_19.wav
[2009/10/29 09:41:23 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/10/26 14:57:27 | 00,016,857 | ---- | M] () -- C:\Users\adam\Documents\History HW.docx
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009/10/23 17:42:09 | 00,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/10/21 17:37:49 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
[2009/10/21 17:37:49 | 00,047,360 | ---- | M] (VSO Software) -- C:\Users\adam\AppData\Roaming\pcouffin.sys
[2009/10/21 17:37:49 | 00,007,887 | ---- | M] () -- C:\Users\adam\AppData\Roaming\pcouffin.cat
[2009/10/21 17:37:49 | 00,001,144 | ---- | M] () -- C:\Users\adam\AppData\Roaming\pcouffin.inf
[2009/10/21 17:37:47 | 00,000,989 | ---- | M] () -- C:\Users\adam\Desktop\ConvertXtoDvd 3.lnk
[2009/10/21 12:57:45 | 00,011,936 | ---- | M] () -- C:\Users\adam\Documents\podcast sample.veg
[2009/10/21 12:57:31 | 22,713,777 | ---- | M] () -- C:\Users\adam\Documents\Podcast 21-10-09.wma
[2009/10/18 22:17:35 | 00,019,126 | ---- | M] () -- C:\Users\adam\Documents\business yar.docx
[2009/10/17 17:49:20 | 00,369,513 | ---- | M] () -- C:\Users\adam\Documents\mewmemww.wma
[2009/10/17 16:10:14 | 00,155,136 | ---- | M] (Scendix Software GmbH) -- C:\Windows\System32\RemoteControl.dll
[2009/10/17 15:57:10 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009/10/11 22:11:25 | 00,020,762 | ---- | M] () -- C:\Users\adam\Documents\business homewokr that will probably be wrong...docx
[2009/10/11 21:13:41 | 00,000,180 | ---- | M] () -- C:\Windows\win.ini
[2009/10/11 20:20:49 | 00,015,276 | ---- | M] () -- C:\Users\adam\Documents\MR.docx
[2009/10/08 13:30:13 | 00,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2009/10/06 13:41:55 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/06 13:41:55 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/06 13:41:55 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

========== Files Created - No Company Name ==========

[2009/12/03 10:46:02 | 00,023,552 | ---- | C] () -- C:\Windows\System32\tdlcmd.dll
[2009/12/03 10:46:02 | 00,012,800 | ---- | C] () -- C:\Windows\System32\tdlclk.dll
[2009/12/01 13:38:01 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/12/01 13:38:01 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/12/01 13:38:01 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/12/01 13:38:01 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/01 13:38:01 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/01 13:36:47 | 03,573,627 | R--- | C] () -- C:\Users\adam\Desktop\AdamskyyCF.exe.exe
[2009/11/30 14:10:22 | 00,000,000 | ---- | C] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009/11/28 23:01:16 | 00,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2009/11/28 23:01:16 | 00,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2009/11/28 23:01:16 | 00,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2009/11/28 23:01:16 | 00,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2009/11/28 23:01:16 | 00,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2009/11/28 23:00:41 | 00,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2009/11/25 16:49:05 | 00,001,558 | ---- | C] () -- C:\Users\Public\Desktop\Pool Sharks.lnk
[2009/11/21 11:42:52 | 00,000,063 | ---- | C] () -- C:\Users\adam\jagex_runescape_preferences2.dat
[2009/11/21 11:42:48 | 00,000,038 | ---- | C] () -- C:\Users\adam\jagex_runescape_preferences.dat
[2009/11/21 10:36:48 | 00,001,654 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/11/20 14:20:30 | 00,000,049 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/19 19:30:38 | 00,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/11/19 19:30:34 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/19 19:30:33 | 46,090,958 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/19 19:30:33 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/19 19:30:33 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/19 19:30:33 | 00,111,793 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/19 17:58:35 | 00,001,878 | ---- | C] () -- C:\Users\adam\Desktop\HijackThis.lnk
[2009/11/19 16:27:42 | 29,511,63904 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/19 16:13:49 | 00,524,288 | -HS- | C] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000002.regtrans-ms
[2009/11/19 16:13:49 | 00,524,288 | -HS- | C] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000001.regtrans-ms
[2009/11/19 16:13:49 | 00,065,536 | -HS- | C] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TM.blf
[2009/11/11 14:04:57 | 00,134,158 | ---- | C] () -- C:\Users\adam\Documents\Driver Analysis for ADAM.html
[2009/11/08 20:50:58 | 00,035,840 | ---- | C] () -- C:\Users\adam\Desktop\Types of Business.doc
[2009/10/29 20:01:10 | 00,112,737 | ---- | C] () -- C:\Users\adam\Documents\Untitled.wma
[2009/10/29 19:35:57 | 00,144,056 | ---- | C] () -- C:\Users\adam\Documents\~emo_penguin~_29_10_2009@19_35_00.wav
[2009/10/29 19:32:10 | 00,227,256 | ---- | C] () -- C:\Users\adam\Documents\~emo_penguin~_29_10_2009@19_31_19.wav
[2009/10/26 14:57:27 | 00,016,857 | ---- | C] () -- C:\Users\adam\Documents\History HW.docx
[2009/10/21 17:39:41 | 00,000,671 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\vso_ts_preview.xml
[2009/10/21 17:38:57 | 00,000,034 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.log
[2009/10/21 17:37:49 | 00,007,887 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.cat
[2009/10/21 17:37:49 | 00,001,144 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.inf
[2009/10/21 17:37:47 | 00,000,989 | ---- | C] () -- C:\Users\adam\Desktop\ConvertXtoDvd 3.lnk
[2009/10/21 12:57:45 | 00,011,936 | ---- | C] () -- C:\Users\adam\Documents\podcast sample.veg
[2009/10/21 12:56:49 | 22,713,777 | ---- | C] () -- C:\Users\adam\Documents\Podcast 21-10-09.wma
[2009/10/20 17:21:59 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/10/18 22:17:34 | 00,019,126 | ---- | C] () -- C:\Users\adam\Documents\business yar.docx
[2009/10/17 17:49:19 | 00,369,513 | ---- | C] () -- C:\Users\adam\Documents\mewmemww.wma
[2009/10/11 22:11:24 | 00,020,762 | ---- | C] () -- C:\Users\adam\Documents\business homewokr that will probably be wrong...docx
[2009/10/11 20:20:21 | 00,015,276 | ---- | C] () -- C:\Users\adam\Documents\MR.docx
[2009/10/08 13:30:13 | 00,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/10/03 18:55:05 | 00,036,352 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 17:20:37 | 00,003,126 | ---- | C] () -- C:\Windows\System32\bcmwlhom.ini
[2009/04/30 21:39:36 | 00,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/01/09 18:29:31 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/09 18:19:34 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/01/09 16:50:50 | 00,140,832 | ---- | C] () -- C:\Windows\System32\drivers\nvstor32.sys
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/11 08:23:13 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006/10/11 08:23:13 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

========== LOP Check ==========

[2009/01/09 19:00:58 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Acer GameZone Console
[2009/10/20 17:14:13 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Broad Intelligence
[2009/10/17 15:55:47 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Call Graph
[2009/11/21 10:58:15 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ImgBurn
[2009/11/11 13:52:41 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2009/11/17 16:13:58 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Pamela
[2009/10/08 15:00:34 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Publish Providers
[2009/10/11 21:20:40 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Screaming Bee
[2009/10/17 15:50:02 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Sedna Wireless
[2009/10/08 15:00:17 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Sony
[2009/11/07 11:56:22 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Vso
[2009/12/02 21:33:45 | 00,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
Adamskyy

Re: alureon.gen u & rootkit

Post by Jack&Jill » December 3rd, 2009, 12:07 pm

Hello Adamskyy :),

"I system restored a while back which removed malwarebytes :s"
When did you do System Restore? Before or after we started to work on your computer?

Skip the SysProt step for now.

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please rerun GMER and post back the log. Do note that the last time you ran GMER, the big log was due to you not following the steps that I requested you to do. I repeat the steps here again with the important areas highlighted:

Run GMER
  • Double click the os2505t2.exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan, click on No.
  • In the right panel, you will see several boxes that have been checked (ticked). Uncheck the following:
    • Sections
    • IAT/EAT
    • All other Drives/Partitions except Systemdrive, typically C:\ (leave C:\ checked)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click on the Save... button and save it as "Gmer.txt" at a convenient location. Post the contents of that report.
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Do not run any other programs while GMER is running.

Run OTL with Custom Scans
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are six of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Copy and paste the following into the white box under Custom Scans/Fixes:
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    
    DRIVERS32
    MSCONFIG
    NETSVCS
    SAFEBOOTMINIMAL
    SAFEBOOTNETWORK
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.

Please post back:
1. the new GMER result
2. new OTL logs (OTL.txt and Extras.txt)
3. a description of the problems you are experiencing now, and whether there are any redirects
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: alureon.gen u & rootkit

Post by Adamskyy » December 3rd, 2009, 12:48 pm

Sorry for the previous GMER issue, I apologise for overreading.

I system restored well before we started, sorry for not specifying.

GMER:
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-03 16:37:19
Windows 6.0.6001 Service Pack 1
Running: os2505t2.exe; Driver: C:\Users\adam\AppData\Local\Temp\ugrdrpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???4C:??????32??ll???4???????????J???????????P?????????????????????????325???????????0?????????????7HD???????????0???????????????????????S??????????????V_???????????E?????????????894???????????1???????????????????????e??????????????e????????????P???????????????????!????????????????????????6??P???????????E??????????????6r???????????y??????????????6????????????A???????????????9???????????3?????????????Pe4??????????? ???????????????????A???????v?????????????????????????????????v?v???4???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????A???????v?????????????????????????????????v?v??{1bfa751c-c742-430c-b777-a0217af11d3f}???????????4???????????????????4?????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x17 0xB3 0x40 0xBC ...
Reg HKLM\SOFTWARE\Classes\.jar@ jarfile
Reg HKLM\SOFTWARE\Classes\.jnlp@ JNLPFile
Reg HKLM\SOFTWARE\Classes\.jnlp@Content Type application/x-java-jnlp-file
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
Reg HKLM\SOFTWARE\Classes\jarfile@ Executable Jar File
Reg HKLM\SOFTWARE\Classes\jarfile\shell
Reg HKLM\SOFTWARE\Classes\jarfile\shell\open
Reg HKLM\SOFTWARE\Classes\jarfile\shell\open\command
Reg HKLM\SOFTWARE\Classes\jarfile\shell\open\command@ "C:\Program Files\Java\jre6\bin\javaw.exe" -jar "%1" %*
Reg HKLM\SOFTWARE\Classes\JavaPlugin\CLSID
Reg HKLM\SOFTWARE\Classes\JavaPlugin\CLSID@ {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Reg HKLM\SOFTWARE\Classes\JavaPlugin.160_17\CLSID
Reg HKLM\SOFTWARE\Classes\JavaPlugin.160_17\CLSID@ {5852F5ED-8BF4-11D4-A245-0080C6F74284}
Reg HKLM\SOFTWARE\Classes\JavaPlugin.FamilyVersionSupport\CLSID
Reg HKLM\SOFTWARE\Classes\JavaPlugin.FamilyVersionSupport\CLSID@ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled@ isInstalled Class
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled\CLSID
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled\CLSID@ {5852F5ED-8BF4-11D4-A245-0080C6F74284}
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled\CurVer
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled\CurVer@ JavaWebStart.isInstalled.1.6.0.0
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0@ isInstalled Class
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0\CLSID
Reg HKLM\SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0\CLSID@ {5852F5ED-8BF4-11D4-A245-0080C6F74284}
Reg HKLM\SOFTWARE\Classes\JNLPFile@ JNLP File
Reg HKLM\SOFTWARE\Classes\JNLPFile\Shell
Reg HKLM\SOFTWARE\Classes\JNLPFile\Shell\Open
Reg HKLM\SOFTWARE\Classes\JNLPFile\Shell\Open@ &Launch
Reg HKLM\SOFTWARE\Classes\JNLPFile\Shell\Open\Command
Reg HKLM\SOFTWARE\Classes\JNLPFile\Shell\Open\Command@ "C:\Program Files\Java\jre6\bin\javaws.exe" "%1"
Reg HKLM\SOFTWARE\Classes\Microsoft SQL Server Compact Edition Database File@ SQL Server Compact Edition Database File
Reg HKLM\SOFTWARE\Classes\Microsoft SQL Server Compact Edition Database File\DefaultIcon
Reg HKLM\SOFTWARE\Classes\Microsoft SQL Server Compact Edition Database File\DefaultIcon@ C:\Program Files\Microsoft SQL Server Compact Edition\v3.5\sqlceme35.dll,-1
Reg HKLM\SOFTWARE\Classes\Microsoft.SQLSERVER.CE.OLEDB.3.5@ Microsoft.SQLSERVER.CE.OLEDB.3.5
Reg HKLM\SOFTWARE\Classes\Microsoft.SQLSERVER.CE.OLEDB.3.5\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.SQLSERVER.CE.OLEDB.3.5\CLSID@ {F49C559D-E9E5-467C-8C18-3326AAE4EBCC}
Reg HKLM\SOFTWARE\Classes\Microsoft.SQLSERVER.CE.OLEDB.3.5Errors@ Microsoft SQL Server Compact OLE DB Provider for Windows Error Lookup
Reg HKLM\SOFTWARE\Classes\Microsoft.SQLSERVER.CE.OLEDB.3.5Errors\Clsid
Reg HKLM\SOFTWARE\Classes\Microsoft.SQLSERVER.CE.OLEDB.3.5Errors\Clsid@ {90A1998A-EB21-4F61-872F-F4DFDE1065D6}
Reg HKLM\SOFTWARE\Classes\Microsoft.VisualBasic.UpgradeExtensions.ResUtil_9_0@ Microsoft.VisualBasic.UpgradeExtensions.ResUtil
Reg HKLM\SOFTWARE\Classes\Microsoft.VisualBasic.UpgradeExtensions.ResUtil_9_0\CLSID
Reg HKLM\SOFTWARE\Classes\Microsoft.VisualBasic.UpgradeExtensions.ResUtil_9_0\CLSID@ {B3E493E5-6340-4e6c-AF6C-546D7B8436F4}
Reg HKLM\SOFTWARE\Classes\MSDDS.Diagram.080@ Microsoft DDS 80
Reg HKLM\SOFTWARE\Classes\MSDDS.Diagram.080\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Diagram.080\CLSID@ {C795D2FE-7776-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.Diagram.080\CurVer
Reg HKLM\SOFTWARE\Classes\MSDDS.Diagram.080\CurVer@ MSDDS.Diagram.080.1
Reg HKLM\SOFTWARE\Classes\MSDDS.Diagram.080.1@ Microsoft DDS 80
Reg HKLM\SOFTWARE\Classes\MSDDS.Diagram.080.1\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Diagram.080.1\CLSID@ {C795D2FE-7776-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.Form.080.1@ Microsoft DDS Form 2.0
Reg HKLM\SOFTWARE\Classes\MSDDS.Form.080.1\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Form.080.1\CLSID@ {77D2C92E-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.Generic.080@ Microsoft DDS Generic Class 80
Reg HKLM\SOFTWARE\Classes\MSDDS.Generic.080\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Generic.080\CLSID@ {77D2C902-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.Generic.080\CurVer
Reg HKLM\SOFTWARE\Classes\MSDDS.Generic.080\CurVer@ MSDDS.Generic.080.1
Reg HKLM\SOFTWARE\Classes\MSDDS.Generic.080.1@ Microsoft DDS Generic Class 80
Reg HKLM\SOFTWARE\Classes\MSDDS.Generic.080.1\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Generic.080.1\CLSID@ {77D2C902-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.Icon.080@ Microsoft DDS Icon Control 80
Reg HKLM\SOFTWARE\Classes\MSDDS.Icon.080\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Icon.080\CLSID@ {77D2C926-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.Icon.080\CurVer
Reg HKLM\SOFTWARE\Classes\MSDDS.Icon.080\CurVer@ MSDDS.Icon.080.1
Reg HKLM\SOFTWARE\Classes\MSDDS.Icon.080.1@ Microsoft DDS Icon Control 80
Reg HKLM\SOFTWARE\Classes\MSDDS.Icon.080.1\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Icon.080.1\CLSID@ {77D2C926-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.LayoutManager.080@ Microsoft DDS Layout Manager 80
Reg HKLM\SOFTWARE\Classes\MSDDS.LayoutManager.080\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.LayoutManager.080\CLSID@ {77D2C915-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.LayoutManager.080\CurVer
Reg HKLM\SOFTWARE\Classes\MSDDS.LayoutManager.080\CurVer@ MSDDS.LayoutManager.080.1
Reg HKLM\SOFTWARE\Classes\MSDDS.LayoutManager.080.1@ Microsoft DDS Layout Manager 80
Reg HKLM\SOFTWARE\Classes\MSDDS.LayoutManager.080.1\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.LayoutManager.080.1\CLSID@ {77D2C915-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.LibraryShape.080@ Microsoft DDS Library Shape Control 80
Reg HKLM\SOFTWARE\Classes\MSDDS.LibraryShape.080\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.LibraryShape.080\CLSID@ {77D2C905-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.LibraryShape.080\CurVer
Reg HKLM\SOFTWARE\Classes\MSDDS.LibraryShape.080\CurVer@ MSDDS.LibraryShape.080.1
Reg HKLM\SOFTWARE\Classes\MSDDS.LibraryShape.080.1@ Microsoft DDS Library Shape Control 80
Reg HKLM\SOFTWARE\Classes\MSDDS.LibraryShape.080.1\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.LibraryShape.080.1\CLSID@ {77D2C905-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.Oblique.080@ Microsoft DDS Oblique LineRoute 80
Reg HKLM\SOFTWARE\Classes\MSDDS.Oblique.080\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Oblique.080\CLSID@ {77D2C917-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.PictureShape.080@ Microsoft DDS Picture Shape Control 80
Reg HKLM\SOFTWARE\Classes\MSDDS.PictureShape.080\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.PictureShape.080\CLSID@ {77D2C908-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.PictureShape.080\CurVer
Reg HKLM\SOFTWARE\Classes\MSDDS.PictureShape.080\CurVer@ MSDDS.PictureShape.080.1
Reg HKLM\SOFTWARE\Classes\MSDDS.PictureShape.080.1@ Microsoft DDS Picture Shape Control 80
Reg HKLM\SOFTWARE\Classes\MSDDS.PictureShape.080.1\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.PictureShape.080.1\CLSID@ {77D2C908-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.Polyline.080@ Microsoft DDS Polyline Control 80
Reg HKLM\SOFTWARE\Classes\MSDDS.Polyline.080\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Polyline.080\CLSID@ {77D2C91E-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.Polyline.080\CurVer
Reg HKLM\SOFTWARE\Classes\MSDDS.Polyline.080\CurVer@ MSDDS.Polyline.080.1
Reg HKLM\SOFTWARE\Classes\MSDDS.Polyline.080.1@ Microsoft DDS Polyline Control 80
Reg HKLM\SOFTWARE\Classes\MSDDS.Polyline.080.1\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Polyline.080.1\CLSID@ {77D2C91E-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.Rectilinear.080@ Microsoft DDS Rectilinear Layout 80
Reg HKLM\SOFTWARE\Classes\MSDDS.Rectilinear.080\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Rectilinear.080\CLSID@ {77D2C916-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.Text.080@ Microsoft DDS Text Control 80
Reg HKLM\SOFTWARE\Classes\MSDDS.Text.080\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Text.080\CLSID@ {77D2C923-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\MSDDS.Text.080\CurVer
Reg HKLM\SOFTWARE\Classes\MSDDS.Text.080\CurVer@ MSDDS.Text.080.1
Reg HKLM\SOFTWARE\Classes\MSDDS.Text.080.1@ Microsoft DDS Text Control 80
Reg HKLM\SOFTWARE\Classes\MSDDS.Text.080.1\CLSID
Reg HKLM\SOFTWARE\Classes\MSDDS.Text.080.1\CLSID@ {77D2C923-7779-11D8-9070-00065B840D9C}
Reg HKLM\SOFTWARE\Classes\SSCE Active Sync Engine.3.5@ SSCE Active Sync Engine Object
Reg HKLM\SOFTWARE\Classes\SSCE Active Sync Engine.3.5\CLSID
Reg HKLM\SOFTWARE\Classes\SSCE Active Sync Engine.3.5\CLSID@ {455C3E04-BFE9-4089-8622-F2464EC3FDDB}
Reg HKLM\SOFTWARE\Classes\SSCE.DropTableListener.3.5@ SSCE DropTable Listener Object
Reg HKLM\SOFTWARE\Classes\SSCE.DropTableListener.3.5\CLSID
Reg HKLM\SOFTWARE\Classes\SSCE.DropTableListener.3.5\CLSID@ {3018609E-CDBC-47E8-A255-809D46BAA319}
Reg HKLM\SOFTWARE\Classes\SSCE.Engine.3.5@ Active SSCE Engine Object
Reg HKLM\SOFTWARE\Classes\SSCE.Engine.3.5\CLSID
Reg HKLM\SOFTWARE\Classes\SSCE.Engine.3.5\CLSID@ {A9D3060D-3526-4538-B13A-1913568DAA0D}
Reg HKLM\SOFTWARE\Classes\SSCE.Error.3.5@ SSCE Error Object
Reg HKLM\SOFTWARE\Classes\SSCE.Error.3.5\CLSID
Reg HKLM\SOFTWARE\Classes\SSCE.Error.3.5\CLSID@ {20347534-760B-464D-B572-285E6B618257}
Reg HKLM\SOFTWARE\Classes\SSCE.Errors.3.5@ SSCE Errors Collection
Reg HKLM\SOFTWARE\Classes\SSCE.Errors.3.5\CLSID
Reg HKLM\SOFTWARE\Classes\SSCE.Errors.3.5\CLSID@ {9FD542D2-61C4-4E9F-A8E2-E6B8C7F64CBF}
Reg HKLM\SOFTWARE\Classes\SSCE.Param.3.5@ SSCE Param Object
Reg HKLM\SOFTWARE\Classes\SSCE.Param.3.5\CLSID
Reg HKLM\SOFTWARE\Classes\SSCE.Param.3.5\CLSID@ {7C7E6C99-BB8D-4718-AAA9-70C4320010DE}
Reg HKLM\SOFTWARE\Classes\SSCE.Params.3.5@ SSCE Params Collection
Reg HKLM\SOFTWARE\Classes\SSCE.Params.3.5\CLSID
Reg HKLM\SOFTWARE\Classes\SSCE.Params.3.5\CLSID@ {9E7E2CCE-3F1F-4891-892C-AC8B486D03B2}
Reg HKLM\SOFTWARE\Classes\SSCE.RemoteDataAccess.3.5@ Active SSCE remote data access Object
Reg HKLM\SOFTWARE\Classes\SSCE.RemoteDataAccess.3.5\CLSID
Reg HKLM\SOFTWARE\Classes\SSCE.RemoteDataAccess.3.5\CLSID@ {8CD1B98D-D8D5-4B51-9564-48B12A98698F}
Reg HKLM\SOFTWARE\Classes\SSCE.Replication.3.5@ Active SSCE Replication Object
Reg HKLM\SOFTWARE\Classes\SSCE.Replication.3.5\CLSID
Reg HKLM\SOFTWARE\Classes\SSCE.Replication.3.5\CLSID@ {EA91E968-EF93-4FF1-86F3-75CC93416DF2}
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0@AlwaysShowExt 1
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0@ Visual Studio Add-in definition file
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0\DefaultIcon@ "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\vbexpress.exe",-1203
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0\shell
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\vbexpress.exe" "%1"
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0\shell\Open\ddeexec\Application@ VBExpress.9.0
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VBExpress.AddIn.9.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0@ XML Configuration File
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0\DefaultIcon@ C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Xml\1033\Microsoft.XmlEditorUI.dll,-105
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0\shell
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\vbexpress.exe" /dde
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0\shell\Open\ddeexec\Application@ VBExpress.9.0
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VBExpress.config.9.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VBExpress.datasource.9.0@ Visual Studio Data Source File
Reg HKLM\SOFTWARE\Classes\VBExpress.datasource.9.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VBExpress.datasource.9.0\DefaultIcon@ "C:\Program Files\Common Files\Microsoft Shared\MSEnv\msenvico.dll",-215
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0@ Web Service Discovery File
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0\DefaultIcon
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0\DefaultIcon@ C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Xml\1033\Microsoft.XmlEditorUI.dll,-112
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0\shell
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0\shell\Open
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0\shell\Open\Command
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0\shell\Open\Command@ "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\vbexpress.exe" /dde
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0\shell\Open\ddeexec
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0\shell\Open\ddeexec@ Open("%1")
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0\shell\Open\ddeexec\Application
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0\shell\Open\ddeexec\Application@ VBExpress.9.0
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0\shell\Open\ddeexec\Topic
Reg HKLM\SOFTWARE\Classes\VBExpress.disco.9.0\shell\Open\ddeexec\Topic@ system
Reg HKLM\SOFTWARE\Classes\VBExpress.dtd.9.0@ XML Document Type Definition
Reg HKLM\SOFTWARE\Classes\VBExpress.dtd.9.0\DefaultIcon

---- EOF - GMER 1.0.15 ----
Adamskyy

Re: alureon.gen u & rootkit

by Adamskyy » December 3rd, 2009, 12:50 pm

OTL logfile created on: 03/12/2009 16:44:39 - Run 3
OTL by OldTimer - Version 3.1.11.1 Folder = C:\Users\adam\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.33% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.15 Gb Total Space | 82.82 Gb Free Space | 59.52% Space Free | Partition Type: NTFS
Drive D: | 74.50 Gb Total Space | 47.63 Gb Free Space | 63.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 142.94 Gb Total Space | 142.84 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 614.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: ADAM
Current User Name: adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/28 10:39:25 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe
PRC - [2009/11/19 19:30:32 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/19 19:30:31 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/19 19:30:31 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/19 19:30:31 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/19 19:30:31 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/19 19:30:31 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/19 19:30:17 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/19 19:30:17 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/19 18:53:17 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/28 02:02:42 | 01,529,432 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/08 17:57:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/10/29 06:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/01 19:44:00 | 00,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/10/01 19:43:56 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/09/23 22:11:34 | 00,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/07/30 01:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/30 01:52:50 | 00,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/06/13 04:17:38 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2008/05/21 01:50:50 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/03/26 05:21:30 | 05,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/29 20:25:10 | 00,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 20:24:46 | 00,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
PRC - [2008/01/21 02:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 02:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/21 02:24:54 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/01/21 02:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2005/01/29 01:09:42 | 00,876,649 | ---- | M] (BT Voyager Corporation) -- C:\Windows\System32\bcmwltry.exe
PRC - [2005/01/29 01:09:42 | 00,696,422 | ---- | M] (BT Voyager Corporation) -- C:\Windows\System32\wltray.exe
PRC - [2005/01/19 10:01:22 | 00,065,536 | ---- | M] () -- C:\Windows\System32\wltrysvc.exe


========== Modules (SafeList) ==========

MOD - [2009/11/28 10:39:25 | 00,535,040 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe
MOD - [2008/11/27 04:35:06 | 01,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
MOD - [2008/08/28 03:37:46 | 00,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2008/07/30 01:52:40 | 00,240,176 | ---- | M] (Egis Incorporated.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
MOD - [2008/07/30 01:52:34 | 00,121,392 | ---- | M] (Egis Inc.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
MOD - [2008/01/21 02:23:54 | 00,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2008/01/21 02:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0201691259589367mcinstcleanup) McAfee Application Installer Cleanup (0201691259589367)
SRV - [2009/11/19 19:30:17 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/19 19:30:17 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/08 17:57:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/10/01 19:43:56 | 00,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/09/23 22:11:34 | 00,144,632 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/09/23 22:11:32 | 00,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/07/30 01:53:00 | 00,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/03 05:51:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2008/06/13 04:17:38 | 00,241,734 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008/05/21 01:50:50 | 00,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/29 20:25:10 | 00,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 20:24:46 | 00,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/01/21 02:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/24 11:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/01/19 10:01:22 | 00,065,536 | ---- | M] () -- C:\Windows\System32\wltrysvc.exe -- (wltrysvc)
SRV - [2002/12/17 16:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 16:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2009/11/19 19:30:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/19 19:30:34 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/19 19:30:34 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/21 17:37:49 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/10/03 17:26:12 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\Windows\System32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/09/28 02:02:42 | 00,016,472 | ---- | M] () -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/30 22:03:08 | 06,754,712 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2009/04/06 12:19:46 | 00,023,064 | ---- | M] (Screaming Bee LLC) -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2008/12/10 15:56:26 | 00,017,792 | ---- | M] (Avnex) -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/12/08 17:57:00 | 07,391,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/01 18:04:16 | 00,012,832 | ---- | M] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/07/30 01:53:12 | 00,060,464 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/07/30 01:53:10 | 00,018,992 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/07/30 01:53:10 | 00,016,944 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/03/26 10:35:54 | 02,103,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/03/22 15:18:44 | 00,043,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/01/30 09:52:06 | 00,014,848 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 09:51:50 | 00,013,824 | ---- | M] (NewTech Infosystems Corporation) -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/29 05:55:00 | 01,042,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 12:02:02 | 00,140,832 | ---- | M] () -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/01/21 02:24:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/01/21 02:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 02:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/12 08:53:10 | 00,013,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/09/25 14:59:46 | 00,015,152 | ---- | M] () -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2005/12/21 10:14:52 | 00,019,712 | ---- | M] (Pinnacle Systems, Inc.) -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/06/02 19:28:38 | 00,171,008 | ---- | M] (Pinnacle Systems GmbH) -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_x3200


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_x3200
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\S-1-5-21-887134994-1243305392-2542070696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\S-1-5-21-887134994-1243305392-2542070696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://facebook.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: {fffe0eac-3819-4561-8aa9-178a68450d4f}:1.9
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/19 19:30:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/19 18:53:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/26 09:54:10 | 00,000,000 | ---D | M]

[2009/10/17 15:50:04 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
[2009/10/17 15:50:04 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\contact@callgraph.in
[2009/12/03 16:35:29 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\extensions
[2009/11/02 19:03:08 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2009/11/14 16:37:40 | 00,002,653 | ---- | M] () -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\nfqifbzn.default\searchplugins\kickasstorrents.xml
[2009/12/03 16:35:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/09 23:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2009/11/19 18:53:20 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/19 18:53:20 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/19 18:53:21 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/19 18:53:21 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [wltray.exe] C:\Windows\System32\wltray.exe (BT Voyager Corporation)
O4 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-887134994-1243305392-2542070696-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/01/12 14:29:16 | 00,000,047 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/12/03 15:38:43 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/12/03 15:38:43 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/03 15:38:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/03 15:38:43 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/03 10:30:11 | 00,000,000 | ---D | C] -- C:\Users\adam\Desktop\SysProt
[2009/12/01 19:47:26 | 00,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2009/12/01 13:38:01 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/12/01 13:38:01 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/12/01 13:38:01 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/12/01 13:38:01 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/12/01 13:37:48 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/12/01 13:37:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/30 14:30:34 | 00,000,000 | ---D | C] -- C:\Users\adam\Desktop\Alureon stuff
[2009/11/30 14:02:19 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/28 23:14:01 | 00,000,000 | ---D | C] -- C:\temp
[2009/11/28 23:14:01 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\Pinnacle
[2009/11/28 23:13:49 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\InstantCDDVD
[2009/11/28 23:13:15 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Pinnacle
[2009/11/28 23:06:42 | 00,233,472 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\DiskIO.dll
[2009/11/28 23:06:42 | 00,184,320 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\RALMain.dll
[2009/11/28 23:06:42 | 00,073,728 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\MMAviAx.dll
[2009/11/28 23:06:41 | 00,126,976 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\AVIPrAx.dll
[2009/11/28 23:06:41 | 00,039,936 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\CacheX.dll
[2009/11/28 23:06:41 | 00,032,768 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\MLPagAx.dll
[2009/11/28 23:04:03 | 00,171,008 | ---- | C] (Pinnacle Systems GmbH) -- C:\Windows\System32\drivers\MarvinBus.sys
[2009/11/28 23:02:13 | 00,019,712 | ---- | C] (Pinnacle Systems, Inc.) -- C:\Windows\System32\drivers\emAudio.sys
[2009/11/28 23:01:17 | 00,930,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltr13n.dll
[2009/11/28 23:01:17 | 00,306,352 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltrio13n.dll
[2009/11/28 23:01:16 | 02,079,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTCLR13s.dll
[2009/11/28 23:01:16 | 01,693,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTCLR13n.dll
[2009/11/28 23:01:16 | 01,013,248 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Ltwvc13n.dll
[2009/11/28 23:01:16 | 00,884,736 | ---- | C] (Fellowes, Inc.) -- C:\Windows\System32\LMUIRes.dll
[2009/11/28 23:01:16 | 00,453,120 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltkrn13n.dll
[2009/11/28 23:01:16 | 00,409,600 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP13s.DLL
[2009/11/28 23:01:16 | 00,393,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP13n.DLL
[2009/11/28 23:01:16 | 00,153,088 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltfil13n.DLL
[2009/11/28 23:01:16 | 00,110,080 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpsd13s.dll
[2009/11/28 23:01:16 | 00,070,144 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp13s.dll
[2009/11/28 23:01:16 | 00,064,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga13s.dll
[2009/11/28 23:01:16 | 00,030,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp13n.dll
[2009/11/28 23:01:16 | 00,024,576 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga13n.dll
[2009/11/28 23:01:16 | 00,012,288 | ---- | C] (Fellowes, Inc.) -- C:\Windows\System32\LMLRes.dll
[2009/11/28 23:00:59 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVCP70.DLL
[2009/11/28 23:00:59 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ATL70.DLL
[2009/11/28 22:59:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2009/11/28 22:59:33 | 00,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2009/11/28 22:59:11 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\InstallShield
[2009/11/28 10:38:13 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/11/28 10:37:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/11/26 09:59:24 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/25 11:27:14 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/11/24 12:09:13 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Temporary Projects
[2009/11/24 11:49:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2009/11/23 21:47:12 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/11/23 21:46:07 | 00,000,000 | ---D | C] -- C:\Users\adam\Documents\Visual Studio 2008
[2009/11/23 21:45:55 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Microsoft Help
[2009/11/23 21:43:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/11/23 21:43:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/11/21 10:46:42 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\ImgBurn
[2009/11/21 10:36:44 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/11/19 19:30:40 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/19 19:30:38 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/19 19:30:38 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/19 19:30:34 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/19 19:30:34 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/19 19:30:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/11/19 19:30:17 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/19 19:30:16 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/11/19 18:40:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/11/19 17:58:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/19 16:36:44 | 02,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/19 16:35:38 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/18 21:06:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/18 21:06:21 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/18 20:45:38 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Malwarebytes
[2009/11/18 20:45:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/18 20:45:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/15 20:29:43 | 00,000,000 | ---D | C] -- C:\Program Files\Quantum
[2009/11/13 13:33:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/11/11 13:53:14 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\LogiShrd
[2009/11/11 13:52:41 | 00,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2009/11/11 13:49:36 | 00,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2009/11/11 13:49:35 | 00,000,000 | ---D | C] -- C:\Program Files\Logitech
[2009/11/11 11:28:09 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/11 11:28:09 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi(543).dll
[2009/11/09 22:03:10 | 00,000,000 | ---D | C] -- C:\Program Files\Web Site Change Monitor
[2009/11/06 20:26:40 | 00,000,000 | ---D | C] -- C:\Games
[2009/10/21 17:37:49 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Adam\AppData\Roaming\pcouffin.sys
[2009/01/09 16:51:34 | 00,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2009/12/03 16:45:33 | 02,097,152 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT
[2009/12/03 16:44:47 | 00,012,800 | ---- | M] () -- C:\Windows\System32\tdlclk.dll
[2009/12/03 16:41:00 | 00,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2009/12/03 16:11:19 | 00,000,039 | ---- | M] () -- C:\Users\adam\jagex_runescape_preferences.dat
[2009/12/03 16:02:56 | 00,000,069 | ---- | M] () -- C:\Users\adam\jagex_runescape_preferences2.dat
[2009/12/03 14:54:30 | 00,023,552 | ---- | M] () -- C:\Windows\System32\tdlcmd.dll
[2009/12/03 14:53:54 | 00,717,234 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/03 14:53:54 | 00,617,772 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/03 14:53:54 | 00,113,132 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/03 14:49:42 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/12/03 14:49:40 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/03 14:49:40 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/03 14:49:35 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/03 14:49:28 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/03 14:49:22 | 29,512,17152 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/03 14:49:10 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009/12/03 10:28:38 | 46,090,958 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/12/03 10:28:22 | 00,111,793 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/12/02 21:33:50 | 00,524,288 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000001.regtrans-ms
[2009/12/02 21:33:50 | 00,065,536 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TM.blf
[2009/12/02 21:33:34 | 03,386,238 | -H-- | M] () -- C:\Users\adam\AppData\Local\IconCache.db
[2009/12/01 13:55:35 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/01 13:36:59 | 03,573,627 | R--- | M] () -- C:\Users\adam\Desktop\AdamskyyCF.exe.exe
[2009/11/28 23:36:54 | 00,036,352 | ---- | M] () -- C:\Users\adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/28 23:11:00 | 00,079,904 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2009/11/28 23:09:20 | 00,315,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/25 16:49:05 | 00,001,558 | ---- | M] () -- C:\Users\Public\Desktop\Pool Sharks.lnk
[2009/11/21 10:36:48 | 00,001,654 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/11/20 14:20:30 | 00,000,049 | ---- | M] () -- C:\Windows\wininit.ini
[2009/11/19 19:30:38 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/11/19 19:30:38 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/11/19 19:30:38 | 00,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/11/19 19:30:34 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/11/19 19:30:34 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/19 19:30:34 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/11/19 19:30:33 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/19 19:30:33 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/19 17:58:35 | 00,001,878 | ---- | M] () -- C:\Users\adam\Desktop\HijackThis.lnk
[2009/11/19 16:16:50 | 00,008,224 | ---- | M] () -- C:\Users\adam\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/19 16:13:49 | 00,524,288 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000002.regtrans-ms
[2009/11/19 16:12:38 | 05,505,024 | -HS- | M] () -- C:\Users\adam\ntuser.dat_previous
[2009/11/19 16:12:37 | 00,524,288 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/19 16:12:37 | 00,065,536 | -HS- | M] () -- C:\Users\adam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/11 14:04:58 | 00,134,158 | ---- | M] () -- C:\Users\adam\Documents\Driver Analysis for ADAM.html
[2009/11/08 20:50:59 | 00,035,840 | ---- | M] () -- C:\Users\adam\Desktop\Types of Business.doc
[2009/11/07 11:56:21 | 00,000,671 | ---- | M] () -- C:\Users\adam\AppData\Roaming\vso_ts_preview.xml

========== Files Created - No Company Name ==========

[2009/12/03 12:46:03 | 00,023,552 | ---- | C] () -- C:\Windows\System32\tdlcmd.dll
[2009/12/03 10:46:02 | 00,012,800 | ---- | C] () -- C:\Windows\System32\tdlclk.dll
[2009/12/01 13:38:01 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/12/01 13:38:01 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/12/01 13:38:01 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/12/01 13:38:01 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/12/01 13:38:01 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/01 13:36:47 | 03,573,627 | R--- | C] () -- C:\Users\adam\Desktop\AdamskyyCF.exe.exe
[2009/11/30 14:10:22 | 00,000,000 | ---- | C] () -- C:\Windows\System32\drivers\lvuvc.hs
[2009/11/28 23:01:16 | 00,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2009/11/28 23:01:16 | 00,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2009/11/28 23:01:16 | 00,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2009/11/28 23:01:16 | 00,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2009/11/28 23:01:16 | 00,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2009/11/28 23:00:41 | 00,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2009/11/25 16:49:05 | 00,001,558 | ---- | C] () -- C:\Users\Public\Desktop\Pool Sharks.lnk
[2009/11/21 11:42:52 | 00,000,069 | ---- | C] () -- C:\Users\adam\jagex_runescape_preferences2.dat
[2009/11/21 11:42:48 | 00,000,039 | ---- | C] () -- C:\Users\adam\jagex_runescape_preferences.dat
[2009/11/21 10:36:48 | 00,001,654 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/11/20 14:20:30 | 00,000,049 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/19 19:30:38 | 00,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009/11/19 19:30:34 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/11/19 19:30:33 | 46,090,958 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/19 19:30:33 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/11/19 19:30:33 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/11/19 19:30:33 | 00,111,793 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/19 17:58:35 | 00,001,878 | ---- | C] () -- C:\Users\adam\Desktop\HijackThis.lnk
[2009/11/19 16:27:42 | 29,512,17152 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/19 16:13:49 | 00,524,288 | -HS- | C] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000002.regtrans-ms
[2009/11/19 16:13:49 | 00,524,288 | -HS- | C] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TMContainer00000000000000000001.regtrans-ms
[2009/11/19 16:13:49 | 00,065,536 | -HS- | C] () -- C:\Users\adam\NTUSER.DAT{7e1dcd69-d522-11de-9516-0016e3b4ac37}.TM.blf
[2009/11/11 14:04:57 | 00,134,158 | ---- | C] () -- C:\Users\adam\Documents\Driver Analysis for ADAM.html
[2009/11/08 20:50:58 | 00,035,840 | ---- | C] () -- C:\Users\adam\Desktop\Types of Business.doc
[2009/10/21 17:39:41 | 00,000,671 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\vso_ts_preview.xml
[2009/10/21 17:38:57 | 00,000,034 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.log
[2009/10/21 17:37:49 | 00,007,887 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.cat
[2009/10/21 17:37:49 | 00,001,144 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.inf
[2009/10/20 17:21:59 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/10/03 18:55:05 | 00,036,352 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 17:20:37 | 00,003,126 | ---- | C] () -- C:\Windows\System32\bcmwlhom.ini
[2009/04/30 21:39:36 | 00,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/01/09 18:29:31 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/09 18:19:34 | 00,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/01/09 16:50:50 | 00,140,832 | ---- | C] () -- C:\Windows\System32\drivers\nvstor32.sys
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/11 08:23:13 | 00,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006/10/11 08:23:13 | 00,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

========== LOP Check ==========

[2009/01/09 19:00:58 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Acer GameZone Console
[2009/10/20 17:14:13 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Broad Intelligence
[2009/10/17 15:55:47 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Call Graph
[2009/11/21 10:58:15 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ImgBurn
[2009/11/11 13:52:41 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2009/11/17 16:13:58 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Pamela
[2009/10/08 15:00:34 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Publish Providers
[2009/10/11 21:20:40 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Screaming Bee
[2009/10/17 15:50:02 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Sedna Wireless
[2009/10/08 15:00:17 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Sony
[2009/11/07 11:56:22 | 00,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Vso
[2009/01/09 19:00:58 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009/01/09 19:00:58 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2009/12/02 21:33:45 | 00,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008/01/21 02:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/21 02:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 02:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 02:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 02:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 06:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 02:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/21 02:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 02:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 02:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 02:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 02:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 02:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 06:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 02:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/21 02:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 02:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 02:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008/01/21 02:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 02:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 06:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< >
< End of report >


I'm afraid an Extras log wasn't produced. I don't think I did anything wrong. I'm sorry if I did; here is a picture for reference of what I did with OTL:
Image


As for redirections I still experience them.
Adamskyy
Regular Member
 
Posts: 38
Joined: November 19th, 2009, 1:53 pm