blackscorpion (Beginner)
13 August 2009 - 19:10. There are 32 comments and 1 solution

Pesky popup

Hi E.

I have a pesky popup. I asked in another forum and ran Spybot Search and Destroy, and it only found a tracking cookie.

I was asked to try HijackThis, but the person wasn't very good at reading the log. Would anyone look through it and maybe tell me whether there is anything that isn't as it should be?

--------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:09, on 13-08-2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Wallpaper Juggler\WallPaperJugglerM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~3.EXE
O4 - HKLM\..\Run: [Wallpaper Juggler Monitor] "C:\PROGRA~2\WALLPA~1\WALLPA~2.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Core Temp] "C:\Users\Supremacy\Downloads\CoreTemp64\Core Temp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Core Temp.lnk = Supremacy\Downloads\CoreTemp64\Core Temp.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{543223BD-5984-4BA8-B3FF-5FB399C2517D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4DA1989-AB5F-43AE-A5ED-FCFBD6B68B82}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11234 bytes
sullep (Beginner)
13 August 2009 - 19:46 #1
Hi ;-)

This is a 64-bit machine, and there aren't many tools that can run on these machines.

These scans must be run from "Safe Mode".

Download CCleaner here > click "Download Latest Version" out on the right.
http://www.filehippo.com/download_ccleaner/
There is a manual here > http://www.spywarefri.dk/manualer/ccleaner-manual.htm
There is one small difference: "Issues" has been replaced by "Registry".
Tick the boxes as shown in item 11 of the manual before you run "Cleaner".
PS: I would recommend that you keep this program; it is excellent for cleaning up.

During installation you will be offered [Yahoo Toolbar]. Say "No" to it.
Let the program clean up in Cleaner and Registry, and let it delete what it finds.
We don't need to see the log from CCleaner.

>>

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program. Once that is done, let the program update itself. A window then opens where you must move the dot to "Perform full scan"; click the Scan button and let the program work until it is finished (it takes a while, depending on how much you have on the computer).
Then - press the "Show Results" button after the scan - and then press "Remove Selected". The log now opens, and you must save it somewhere you can find it again.
Copy the contents in here.


Then download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start SUPERAntiSpyware and click Check for updates. When it has updated, close the program; do not scan yet.
Boot into "Safe Mode".

Start SUPERAntiSpyware, click Scan your Computer, and tick the drives to be scanned.
(Fixed disk means hard disk)
Move the dot to Perform complete scan and click Next, and the scan will run.

When it is finished, a window with a summary appears; click OK, then click Next and then Finish.

A window appears with Quarantine and removal Complete; click OK, then click Finish.
Close the program and restart normally.
---------------------------------------
Start SUPERAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, and double-click SUPERAntiSpyware Scan Log in the window. It opens in Notepad; copy the result in here.
blackscorpion (Beginner)
13 August 2009 - 19:59 #2
Wow, what a long spiel... I know CCleaner ALL too well; I have been using it for a very long time by now.

But I'll download the others, and then I'll run a scan from safe mode.
blackscorpion (Beginner)
13 August 2009 - 20:07 #3
Sorry to say it, but SUPERAntiSpyware can't run on Win7. :/
13 August 2009 - 20:23 #4
(You never mentioned at any point which OS you are running, did you? Hence the "universal" package...)
blackscorpion (Beginner)
13 August 2009 - 20:45 #5
True enough. :)

Anyway.. here are the logs from Malwarebytes and HijackThis in safe mode. :)

------------------------

Malwarebytes' Anti-Malware 1.40
Database version: 2616
Windows 6.1.7100 (Safe Mode)

13-08-2009 20:38:27
mbam-log-2009-08-13 (20-38-20).txt

Scan type: Full Scan (C:\|H:\|I:\|K:\|)
Objects scanned: 309036
Time elapsed: 25 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:43, on 13-08-2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~3.EXE
O4 - HKLM\..\Run: [Wallpaper Juggler Monitor] "C:\PROGRA~2\WALLPA~1\WALLPA~2.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Core Temp] "C:\Users\Supremacy\Downloads\CoreTemp64\Core Temp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Core Temp.lnk = Supremacy\Downloads\CoreTemp64\Core Temp.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{543223BD-5984-4BA8-B3FF-5FB399C2517D}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4DA1989-AB5F-43AE-A5ED-FCFBD6B68B82}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10617 bytes

---------------------------------------

It should be said that I haven't seen a trace of that popup since I cleaned up this morning.. but I would rather be sure. :)
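An added example, not part of the original thread: a small Python parser for the HijackThis log format posted above, used to diff a normal-mode scan against a safe-mode scan. The two sample logs are shortened excerpts of the logs in this thread, and the function names are this example's own.

```python
import re

# A HijackThis entry line is "<section code> - <detail>",
# e.g. "O4 - HKCU\..\Run: [name] path" (codes seen above: R0, R1, F2, O1..O23).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Parse a HijackThis log into boot mode, running processes and entries."""
    log = {"boot_mode": None, "processes": set(), "entries": set()}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            # The first entry line ends the process list even without a blank line.
            in_processes = False
            log["entries"].add((entry.group(1), entry.group(2).strip()))
        elif line.startswith("Boot mode:"):
            log["boot_mode"] = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            log["processes"].add(line)
        elif not line:
            in_processes = False
    return log


def diff_logs(before, after):
    """Report what differs between two parsed logs."""
    return {
        "processes_only_before": sorted(before["processes"] - after["processes"]),
        "processes_only_after": sorted(after["processes"] - before["processes"]),
        "entries_added": sorted(after["entries"] - before["entries"]),
        "entries_removed": sorted(before["entries"] - after["entries"]),
    }


# Shortened excerpt of the normal-mode log from the opening post.
NORMAL_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O15 - Trusted Zone: *.danskebank.dk
"""

# Shortened excerpt of the safe-mode log from post #5.
SAFE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O15 - Trusted Zone: *.danskebank.dk
"""


if __name__ == "__main__":
    result = diff_logs(parse_hjt(NORMAL_LOG), parse_hjt(SAFE_LOG))
    for key, values in result.items():
        print(key)
        for value in values:
            print("   ", value)
```

On these excerpts the only differences are the shorter process list in safe mode and the Malwarebytes RunOnce entry; the registry-based R and O lines appear in both boot modes.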
13 August 2009 - 21:06 #6
Regarding Malwarebytes - you forgot this important detail ->
...Then - press the "Show Results" button after the scan - and then press "Remove Selected" ... ...
So, once more...
blackscorpion (Beginner)
13 August 2009 - 21:28 #7
Oh, come on now.. it takes forever to scan... :(

Regarding Remove Selected... nothing was selected?

There was only the one from HijackThis?
13 August 2009 - 21:42 #8
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken
???
blackscorpion (Beginner)
13 August 2009 - 22:17 #9
Exactly.. that was the only thing there was.
johnstigers (Senior Master)
13 August 2009 - 22:45 #10
And you did nothing about it - so run the scan again.
First try a quick scan to see whether it finds it, and then remember: press the "Show Results" button after the scan - and then press "Remove Selected" ... ...
johnstigers (Senior Master)
13 August 2009 - 22:46 #11
A quick scan probably takes about 3 min...
johnstigers (Senior Master)
13 August 2009 - 22:47 #12
If it finds something, the program selects it itself - hence "Remove Selected" ....
blackscorpion (Beginner)
13 August 2009 - 23:26 #13
Okay, getting started right away. :)
blackscorpion (Beginner)
14 August 2009 - 00:40 #14
Malwarebytes' Anti-Malware 1.40
Database version: 2616
Windows 6.1.7100 (Safe Mode)

13-08-2009 23:50:34
mbam-log-2009-08-13 (23-50-34).txt

Scan type: Quick Scan
Objects scanned: 82581
Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
blackscorpion (Beginner)
14 August 2009 - 00:40 #15
Funnily enough.. after I removed that one.. the first thing that pops up when I restart is the damn popup.. i.e. it is NOT gone. :(
sullep (Beginner)
14 August 2009 - 08:26 #16
You'll have to have a little patience; I will try to help you further.


Download OldTimer's OTS from here and save it to the desktop.
http://oldtimer.g...om/OTS.exe

Double-click OTS > click "Quick Scan". A log file will now open; copy the text in here.
sullep (Beginner)
14 August 2009 - 08:36 #17
johnstigers (Senior Master)
14 August 2009 - 20:26 #18
There is ONE thing I don't get...

Why don't you find a program that can scan in normal mode?
The popup he is suffering from is probably not activated/loaded in safe mode. That is why it isn't found.
14 August 2009 - 20:44 #19
*Agree* with <john_stigers> ...
johnstigers (Senior Master)
14 August 2009 - 21:14 #20
I run 32-bit myself, so I can't help with finding/testing programs...
f-arn (Guru)
14 August 2009 - 22:21 #21
sullep actually does know what he is doing. What he links to is one of the few programs that can run on 64-bit.
johnstigers (Senior Master)
14 August 2009 - 23:00 #22
OK, but I'm puzzled about safe mode?
blackscorpion (Beginner)
15 August 2009 - 00:34 #23
Sorry for the very late reply, but I was called in to work at 11:30 and hadn't slept.. anyway... OTS log.

----------------------

[code]
OTS logfile created on: 15-08-2009 00:22:34 - Run 1
OTS by OldTimer - Version 3.0.10.3    Folder = C:\Users\Supremacy\Desktop
64bit- Ultimate Edition  (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

4,00 Gb Total Physical Memory | 0,62 Gb Available Physical Memory | 15,52% Memory free
4,00 Gb Paging File | 0,24 Gb Available in Paging File | 5,95% Paging File free
Paging file location(s):  [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,46 Gb Total Space | 235,15 Gb Free Space | 84,14% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 247,87 Gb Free Space | 26,61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 465,76 Gb Total Space | 299,44 Gb Free Space | 64,29% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 358,55 Gb Free Space | 38,49% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 652,83 Gb Free Space | 70,08% Space Free | Partition Type: NTFS

Computer Name: ROADRUNNER
Current User Name: Supremacy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Quick Scan

[Processes - Safe List]
acrotray.exe -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe -> [2008-10-14 22:38:56 | 00,623,992 | ---- | M] (Adobe Systems Inc.)
ainap.exe -> C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe -> [2008-05-21 14:30:26 | 01,423,360 | ---- | M] ()
brs.exe -> C:\Program Files (x86)\CyberLink\Shared Files\brs.exe -> [2008-03-21 10:21:10 | 00,091,432 | ---- | M] (cyberlink)
daemon.exe -> C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe -> [2009-04-23 15:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd)
everest.exe -> I:\everest.ultimate.edition.5.00.1650\everestultimate500\everest.exe -> [2009-02-05 00:00:00 | 02,350,176 | ---- | M] (Lavalys, Inc.)
firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2009-08-04 06:28:13 | 00,307,704 | ---- | M] (Mozilla Corporation)
fnplicensingservice.exe -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009-03-28 17:54:30 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009-03-09 06:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
lcdmedia.exe -> C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe -> [2007-07-18 01:32:55 | 00,460,048 | ---- | M] (Logitech Inc.)
mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2006-02-28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
objectdock.exe -> C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe -> [2007-04-24 20:19:54 | 03,581,680 | ---- | M] (Stardock)
ots.exe -> C:\Users\Supremacy\Desktop\OTS.exe -> [2009-08-15 00:21:58 | 00,514,048 | ---- | M] (OldTimer Tools)
pdvd8serv.exe -> C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe -> [2008-03-20 21:23:22 | 00,083,240 | ---- | M] (Cyberlink Corp.)
sdwinsec.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009-01-26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.)
teatimer.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe -> [2009-03-05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
wallpaperjugglerm.exe -> C:\Program Files (x86)\Wallpaper Juggler\WallPaperJugglerM.exe -> [2004-09-22 21:18:18 | 00,040,960 | ---- | M] (Topdownloads Networks)
aacenter.exe -> C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe -> [2008-05-16 16:57:38 | 00,615,424 | ---- | M] ()

[Win32 Services - Safe List]
64bit-(AMD External Events Utility) AMD External Events Utility [Win32_Own | Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2009-07-02 19:16:05 | 00,203,264 | ---- | M] (AMD)
64bit-(AppIDSvc) Application Identity [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\appidsvc.dll -> [2009-04-22 07:38:59 | 00,032,256 | ---- | M] (Microsoft Corporation)
64bit-(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009-04-22 07:38:59 | 00,193,024 | ---- | M] (Microsoft Corporation)
64bit-(AxInstSV) ActiveX Installer (AxInstSV) [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\AxInstSV.dll -> [2009-04-22 07:39:03 | 00,114,688 | ---- | M] (Microsoft Corporation)
64bit-(BDESVC) BitLocker Drive Encryption Service [Win32_Shared | Unknown | Stopped] -> C:\Windows\SysNative\bdesvc.dll -> [2009-04-22 07:39:06 | 00,100,864 | ---- | M] (Microsoft Corporation)
64bit-(bthserv) Bluetooth Support Service [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\bthserv.dll -> [2009-04-22 07:39:08 | 00,083,968 | ---- | M] (Microsoft Corporation)
64bit-(CscService) Offline Files [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\cscsvc.dll -> [2009-04-22 07:39:25 | 00,689,152 | ---- | M] (Microsoft Corporation)
64bit-(defragsvc) Disk Defragmenter [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\defragsvc.dll -> [2009-04-22 07:39:29 | 00,291,328 | ---- | M] (Microsoft Corporation)
64bit-(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\dhcpcore.dll -> [2009-04-22 07:39:30 | 00,314,880 | ---- | M] (Microsoft Corporation)
64bit-(Fax) Fax [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\fxssvc.exe -> [2009-04-22 07:38:06 | 00,689,152 | ---- | M] (Microsoft Corporation)
64bit-(FontCache) Windows Font Cache Service [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\FntCache.dll -> [2009-04-22 07:39:46 | 01,126,400 | ---- | M] (Microsoft Corporation)
64bit-(HomeGroupListener) HomeGroup Listener [Win32_Shared | On_Demand | Running] -> C:\Windows\SysNative\ListSvc.dll -> [2009-04-22 07:40:08 | 00,235,520 | ---- | M] (Microsoft Corporation)
64bit-(HomeGroupProvider) HomeGroup Provider [Win32_Shared | On_Demand | Running] -> C:\Windows\SysNative\provsvc.dll -> [2009-04-22 07:40:56 | 00,187,392 | ---- | M] (Microsoft Corporation)
64bit-(p2pimsvc) Peer Networking Identity Manager [Win32_Shared | On_Demand | Running] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009-04-22 07:40:54 | 00,327,168 | ---- | M] (Microsoft Corporation)
64bit-(PeerDistSvc) BranchCache [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\peerdistsvc.dll -> [2009-04-22 07:40:52 | 01,361,920 | ---- | M] (Microsoft Corporation)
64bit-(PNRPAutoReg) PNRP Machine Name Publication Service [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\pnrpauto.dll -> [2009-04-22 07:40:54 | 00,025,088 | ---- | M] (Microsoft Corporation)
64bit-(PNRPsvc) Peer Name Resolution Protocol [Win32_Shared | On_Demand | Running] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009-04-22 07:40:54 | 00,327,168 | ---- | M] (Microsoft Corporation)
64bit-(Power) Power [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\umpo.dll -> [2009-04-22 07:41:29 | 00,164,352 | ---- | M] (Microsoft Corporation)
64bit-(RpcEptMapper) RPC Endpoint Mapper [Win32_Shared | Unknown | Running] -> C:\Windows\SysNative\RpcEpMap.dll -> [2009-04-22 07:40:58 | 00,067,072 | ---- | M] (Microsoft Corporation)
64bit-(SensrSvc) Adaptive Brightness [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\sensrsvc.dll -> [2009-04-22 07:41:01 | 00,029,184 | ---- | M] (Microsoft Corporation)
64bit-(sppsvc) Software Protection [Win32_Own | Auto | Running] -> C:\Windows\SysNative\sppsvc.exe -> [2009-04-22 07:38:24 | 03,524,608 | ---- | M] (Microsoft Corporation)
64bit-(sppuinotify) SPP Notification Service [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\sppuinotify.dll -> [2009-04-22 07:41:20 | 00,065,536 | ---- | M] (Microsoft Corporation)
64bit-(Themes) Themes [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\themeservice.dll -> [2009-04-22 07:41:26 | 00,044,544 | ---- | M] (Microsoft Corporation)
64bit-(UmRdpService) Remote Desktop Services UserMode Port Redirector [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\umrdp.dll -> [2009-04-22 07:41:29 | 00,195,072 | ---- | M] (Microsoft Corporation)
64bit-(wbengine) Block Level Backup Engine Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2009-04-22 07:38:44 | 01,503,744 | ---- | M] (Microsoft Corporation)
64bit-(WbioSrvc) Windows Biometric Service [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\wbiosrvc.dll -> [2009-04-22 07:41:31 | 00,201,216 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2009-04-22 07:40:14 | 01,011,200 | ---- | M] (Microsoft Corporation)
64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | Auto | Running] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2009-04-22 07:38:49 | 01,529,856 | ---- | M] (Microsoft Corporation)
64bit-(WwanSvc) WWAN AutoConfig [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\wwansvc.dll -> [2009-04-22 07:41:48 | 00,228,352 | ---- | M] (Microsoft Corporation)
(Adobe Version Cue CS3) Adobe Version Cue CS3 [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> [2007-03-20 17:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated)
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2006-02-28 13:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009-04-04 22:05:06 | 00,067,424 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009-04-04 22:04:26 | 00,090,976 | ---- | M] (Microsoft Corporation)
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> C:\Windows\SysWow64\dhcpcore.dll -> [2009-04-22 07:20:14 | 00,252,928 | ---- | M] (Microsoft Corporation)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2009-04-22 07:38:04 | 00,696,832 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2009-04-22 07:38:04 | 00,128,512 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009-03-28 17:54:30 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2009-04-04 22:04:48 | 00,043,904 | ---- | M] (Microsoft Corporation)
(HomeGroupProvider) HomeGroup Provider [Win32_Shared | On_Demand | Running] -> C:\Windows\SysWow64\provsvc.dll -> [2009-04-22 07:21:43 | 00,164,864 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2009-04-04 22:04:14 | 00,857,440 | ---- | M] (Microsoft Corporation)
(KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Running] -> C:\Windows\SysWow64\keyiso.dll -> [2009-04-22 07:20:43 | 00,019,456 | ---- | M] (Microsoft Corporation)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2009-04-22 09:16:43 | 00,000,000 | ---D | M]
(Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2009-04-22 07:21:18 | 00,561,152 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008-11-04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006-10-26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(RapiMgr) Windows Mobile-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\rapimgr.dll -> [2007-05-31 11:11:46 | 00,225,672 | ---- | M] (Microsoft Corporation)
(SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009-01-26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.)
(vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2009-04-22 02:32:06 | 00,061,056 | ---- | M] ()
(VSS) Volume Shadow Copy [Win32_Own | Disabled | Stopped] -> C:\Windows\Vss -> [2009-04-22 09:16:44 | 00,000,000 | ---D | M]
(WcesComm) Windows Mobile-2003-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\wcescomm.dll -> [2007-05-31 11:11:54 | 00,443,784 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> 1 ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> about:blank ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Users\Supremacy\AppData\Roaming\Mozilla\FireFox\Profiles\y9mr9vyi.default\prefs.js ->
extensions.enabledItems -> battlefieldheroespatcher@ea.com:4.0.21.0 ->
extensions.enabledItems -> bcIkariam@blankcanvasweb.com:1.00 ->
extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009-04-22 11:45:19 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009-08-04 06:28:14 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2009-08-04 06:28:14 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Supremacy\AppData\Roaming\mozilla\Extensions -> [2009-05-17 02:45:12 | 00,003,217 | ---- | M] ()
-> C:\Users\Supremacy\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009-05-17 02:45:12 | 00,003,217 | ---- | M] ()
-> C:\Users\Supremacy\AppData\Roaming\mozilla\Firefox\Profiles\y9mr9vyi.default\extensions -> [2009-08-04 06:28:17 | 00,097,398 | ---- | M] ()
-> C:\Users\Supremacy\AppData\Roaming\mozilla\Firefox\Profiles\y9mr9vyi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009-08-04 06:28:17 | 00,097,398 | ---- | M] ()
-> C:\Users\Supremacy\AppData\Roaming\mozilla\Firefox\Profiles\y9mr9vyi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2009-08-04 06:28:17 | 00,097,398 | ---- | M] ()
-> C:\Users\Supremacy\AppData\Roaming\mozilla\Firefox\Profiles\y9mr9vyi.default\extensions\battlefieldheroespatcher@ea.com -> [2009-08-04 06:28:17 | 00,097,398 | ---- | M] ()
-> C:\Users\Supremacy\AppData\Roaming\mozilla\Firefox\Profiles\y9mr9vyi.default\extensions\bcIkariam@blankcanvasweb.com -> [2009-08-04 06:28:17 | 00,097,398 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions -> [2009-08-04 06:28:14 | 09,747,960 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009-08-04 06:28:14 | 09,747,960 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} -> [2009-08-04 06:28:14 | 09,747,960 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009-08-04 06:28:14 | 09,747,960 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components -> [2009-08-04 06:28:14 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009-08-04 06:28:12 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009-08-04 06:28:12 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins -> [2009-08-04 06:28:14 | 00,000,000 | ---D | M]
npdeploytk.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009-03-09 06:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
npLegitCheckPlugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npLegitCheckPlugin.dll -> [2009-02-06 13:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation)
npnul32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009-08-04 06:28:13 | 00,065,528 | ---- | M] (mozilla.org)
NPOFF12.DLL -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\NPOFF12.DLL -> [2006-10-26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation)
nppdf32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008-10-14 22:33:29 | 00,095,600 | ---- | M] (Adobe Systems Inc.)
npqtplugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009-06-11 05:16:04 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009-06-11 05:16:04 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009-06-11 05:16:04 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009-06-11 05:16:04 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009-06-11 05:16:04 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009-06-11 05:16:04 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009-06-11 05:16:04 | 00,143,360 | ---- | M] (Apple Inc.)
QuickTimePlugin.class -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009-06-11 05:16:04 | 00,004,208 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins -> [2009-08-04 06:28:14 | 00,000,000 | ---D | M]
amazon-co-uk.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\amazon-co-uk.xml -> [2009-08-04 06:28:13 | 00,001,525 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009-08-04 06:28:13 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009-08-04 06:28:13 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009-08-04 06:28:13 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\google.xml -> [2009-08-04 06:28:13 | 00,001,706 | ---- | M] ()
wikipedia-da.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\wikipedia-da.xml -> [2009-08-04 06:28:13 | 00,001,178 | ---- | M] ()
yahoo-dk.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\yahoo-dk.xml -> [2009-08-04 06:28:13 | 00,000,799 | ---- | M] ()
< HOSTS File > (738 bytes and 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
::1            localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{074C1DC5-9320-4A9A-947D-C042949C6216} [HKLM] -> C:\Program Files (x86)\Adobe\Adobe Contribute CS3\contributeieplugin.dll [ContributeBHO Class] -> [2007-03-16 16:13:06 | 00,118,784 | ---- | M] (Adobe Systems Incorporated.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009-02-27 13:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009-01-26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Hjælp til tilmelding til Windows Live] -> [2009-01-22 16:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009-03-09 06:18:50 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [DAEMON Tools Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" [HKLM] -> C:\Program Files (x86)\Adobe\Adobe Contribute CS3\contributeieplugin.dll [Contribute Toolbar] -> [2007-03-16 16:13:06 | 00,118,784 | ---- | M] (Adobe Systems Incorporated.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
64bit-WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [DAEMON Tools Toolbar] -> File not found
WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"CanonMyPrinter" -> C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> [2007-04-04 03:50:00 | 01,840,720 | ---- | M] (CANON INC.)
"CanonSolutionMenu" -> C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe ["C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon] -> [2007-05-15 03:01:00 | 00,644,696 | ---- | M] (CANON INC.)
"Launch LCDMon" -> C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe ["C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"] -> [2007-07-18 01:33:04 | 02,191,632 | ---- | M] (Logitech Inc.)
"Launch LGDCore" -> C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe ["C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE] -> [2007-07-18 02:10:04 | 03,036,944 | ---- | M] (Logitech Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" ->  [] -> File not found
"Acrobat Assistant 8.0" -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> [2008-10-14 22:38:56 | 00,623,992 | ---- | M] (Adobe Systems Inc.)
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009-02-27 18:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)
"Adobe_ID0EYTHM" -> C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~3.EXE] -> [2007-03-20 17:40:44 | 01,884,160 | ---- | M] (Adobe Systems Incorporated)
"Ai Nap" -> C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ["C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"] -> [2008-05-21 14:30:26 | 01,423,360 | ---- | M] ()
"BDRegion" -> C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe ["C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe"] -> [2008-03-21 10:21:10 | 00,091,432 | ---- | M] (cyberlink)
"Cpu Level Up help" -> C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ["C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"] -> [2007-11-30 21:03:28 | 00,881,152 | ---- | M] ()
"PDVD8LanguageShortcut" -> C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ["C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"] -> [2007-12-14 12:36:42 | 00,050,472 | ---- | M] ()
"QFan Help" -> C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ["C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"] -> [2008-05-06 03:01:24 | 00,594,432 | ---- | M] ()
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009-05-26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
"RemoteControl8" -> C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe ["C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"] -> [2008-03-20 21:23:22 | 00,083,240 | ---- | M] (Cyberlink Corp.)
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2009-07-02 12:32:20 | 00,098,304 | ---- | M] (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009-03-09 06:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"Wallpaper Juggler Monitor" -> C:\Program Files (x86)\Wallpaper Juggler\WallPaperJugglerM.exe ["C:\PROGRA~2\WALLPA~1\WALLPA~2.EXE"] -> [2004-09-22 21:18:18 | 00,040,960 | ---- | M] (Topdownloads Networks)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Core Temp" -> C:\Users\Supremacy\Downloads\CoreTemp64\Core Temp.exe ["C:\Users\Supremacy\Downloads\CoreTemp64\Core Temp.exe"] -> [2009-01-23 12:20:52 | 00,419,856 | ---- | M] ()
"DAEMON Tools Lite" -> C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe ["C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun] -> [2009-04-23 15:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd)
"EVEREST AutoStart" -> I:\everest.ultimate.edition.5.00.1650\everestultimate500\everest_start.exe [I:\everest.ultimate.edition.5.00.1650\everestultimate500\everest_start.exe] -> [2009-02-05 00:00:00 | 00,334,928 | ---- | M] ()
"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2009-04-22 07:38:34 | 01,474,560 | ---- | M] (Microsoft Corporation)
"SpybotSD TeaTimer" -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe] -> [2009-03-05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"ForceActiveDesktopOn" ->  [0] -> File not found
\\"NoActiveDesktopChanges" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"legalnoticetext" ->  [] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Append to existing PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Append to existing PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2007-05-10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Windows\WindowsMobile\INetRepl.dll [Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222] -> [2007-05-31 10:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Windows\WindowsMobile\INetRepl.dll [Menu: @C:\Windows\WindowsMobile\INetRepl.dll,-223] -> [2007-05-31 10:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009-01-26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3 domain(s) found. ->
danskebank.dk .
  • -> Trusted sites ->
  • 2 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
    {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
    {D8575CE3-3432-4540-88A9-85A1325D3375} [HKLM] -> https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab [e-Safekey] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 89.150.129.4 89.150.129.10 ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {543223BD-5984-4BA8-B3FF-5FB399C2517D}\\DhcpNameServer -> 89.150.129.4 89.150.129.10  (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) ->
    {543223BD-5984-4BA8-B3FF-5FB399C2517D}\\NameServer -> 208.67.222.222,208.67.220.220  (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) ->
    {7C5B958B-2E26-4B2C-B12B-9FC51A09EBBB}\\DhcpNameServer -> 89.150.129.4 89.150.129.10  (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) ->
    {F4DA1989-AB5F-43AE-A5ED-FCFBD6B68B82}\\DhcpNameServer -> 89.150.129.4 89.150.129.10  (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) ->
    {F4DA1989-AB5F-43AE-A5ED-FCFBD6B68B82}\\NameServer -> 208.67.222.222,208.67.220.220  (Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller) ->
    < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\Windows\explorer.exe -> [2009-04-22 07:38:05 | 02,858,496 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009-04-22 07:38:40 | 00,082,432 | ---- | M] (Microsoft Corporation)
    /pagefile ->  -> File not found
    *MultiFile Done* -> ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009-04-22 07:19:02 | 02,607,616 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
    SystemPropertiesPerformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009-04-22 07:19:35 | 00,081,920 | ---- | M] (Microsoft Corporation)
    /pagefile ->  -> File not found
    *MultiFile Done* -> ->
    < LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
    64bit-*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
    pku2u -> C:\Windows\SysNative\pku2u.dll -> [2009-04-22 07:40:54 | 00,240,640 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    *LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
    pku2u -> C:\Windows\SysWow64\pku2u.dll -> [2009-04-22 07:21:41 | 00,186,880 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
    < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    "AlternateShell" -> cmd.exe ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009-04-22 05:23:27 | 00,147,456 | ---- | M] (Microsoft Corporation)
    < Drives with AutoRun files > ->  ->
    D:\AUTODESK.3DSMAX.V2009.RETAIL.DVD-ISO [] -> D:\AUTODESK.3DS [ NTFS ] -> File not found
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->


    [Files/Folders - Created Within 14 Days]
    OTS.exe -> C:\Users\Supremacy\Desktop\OTS.exe -> [2009-08-15 00:21:55 | 00,514,048 | ---- | C] (OldTimer Tools)
    Explosion.jpg -> C:\Users\Supremacy\Desktop\Explosion.jpg -> [2009-08-14 02:48:34 | 00,028,008 | ---- | C] ()
    system_idle.gif -> C:\Users\Supremacy\Desktop\system_idle.gif -> [2009-08-14 02:02:58 | 00,056,784 | ---- | C] ()
    bench32.INI -> C:\Windows\bench32.INI -> [2009-08-13 23:55:43 | 00,000,000 | ---- | C] ()
    everest_cpl.cpl -> C:\Windows\SysWow64\everest_cpl.cpl -> [2009-08-13 23:34:32 | 00,169,064 | ---- | C] ()
    everest_cpl.ini -> C:\Windows\SysWow64\everest_cpl.ini -> [2009-08-13 23:34:32 | 00,000,070 | ---- | C] ()
    everest_hdd_test_buffered.gif -> C:\Users\Supremacy\Desktop\everest_hdd_test_buffered.gif -> [2009-08-13 22:49:08 | 00,039,475 | ---- | C] ()
    Malwarebytes -> C:\Users\Supremacy\AppData\Roaming\Malwarebytes -> [2009-08-13 20:04:48 | 00,000,000 | ---D | C]
    mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2009-08-13 20:04:45 | 00,038,160 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009-08-13 20:04:45 | 00,000,000 | ---D | C]
    mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009-08-13 20:04:44 | 00,022,040 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2009-08-13 20:04:44 | 00,000,000 | ---D | C]
    HijackThis.lnk -> C:\Users\Supremacy\Desktop\HijackThis.lnk -> [2009-08-13 17:48:56 | 00,002,089 | ---- | C] ()
    Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2009-08-13 17:48:56 | 00,000,000 | ---D | C]
    Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2009-08-13 09:27:43 | 00,000,000 | ---D | C]
    Spybot - Search & Destroy -> C:\Program Files (x86)\Spybot - Search & Destroy -> [2009-08-13 09:27:43 | 00,000,000 | ---D | C]
    Config.Msi -> C:\Config.Msi -> [2009-08-13 05:48:24 | 00,000,000 | -HSD | C]
    ATI -> C:\ProgramData\ATI -> [2009-08-13 04:37:52 | 00,000,000 | ---D | C]
    Simpli Software -> C:\Program Files (x86)\Simpli Software -> [2009-08-13 01:50:35 | 00,000,000 | ---D | C]
    Microsoft Silverlight -> C:\Program Files (x86)\Microsoft Silverlight -> [2009-08-11 22:45:35 | 00,000,000 | ---D | C]
    CLWatson.ini -> C:\Windows\SysWow64\CLWatson.ini -> [2009-08-06 22:19:3

blackscorpion Beginner
15 August 2009 - 00:37 #24
The page that pops up is this one: http://www.topdownloads.net/wallpapers/

Just in case someone recognises the page and knows what is causing it. :)
sullep Beginner
15 August 2009 - 10:08 #25
You did not get the whole log file posted.
It should end with:

< End of report >

Also tell us whether you use "wallpapers" from that company.
    sullep (Beginner)
    15 August 2009 - 19:21 #26
    Before you post the new log file, take a look here > Do you recognise this line?
    It comes from the page that you say "pops" up.

    O4 - HKLM\..\Run: [Wallpaper Juggler Monitor] "C:\PROGRA~2\WALLPA~1\WALLPA~2.EXE"

    Are you running without an antivirus program, or what?
    johnstigers (Senior Master)
    15 August 2009 - 20:33 #27
    I have just had this program installed: http://www.pcworld.dk/download/81/1630

    With it I get the very same line in a HijackThis log.

    A bit of data discipline is a good thing :)
    blackscorpion (Beginner)
    16 August 2009 - 06:15 #28
    Sorry for the slow reply again.. I work nights and sleep during the day.. that's why.

    I run Wallpaper Juggler myself.. and I do so precisely because it can change the background. :)

    And yes, I do.. and the popup that appears is the only problem I have.

    But I'll try uninstalling Wallpaper Juggler and see what happens.
    sullep (Beginner)
    16 August 2009 - 10:49 #29
    If you still have the problem after you have uninstalled that program, then let us know whether the problem is still there if you switch browser; I can see you have "Firefox" installed.
    There isn't really anything to see in the log you posted, but as I wrote, part of that log is missing.
    If you run the scan again, copy the text from >

    [Files/Folders - Created Within 14 Days]

    and downwards into here.

    As far as I can see, you are running without an antivirus program.
    You can get a free "Avira" here; remember to choose the "Free" installer and run a full scan.

    http://www.avira.com/en/download/index.html
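The completeness check asked for in posts #25 and #29 can be automated. This is an added example, not part of the thread or of any scanner's own code: it parses the "[Files/Folders - Created Within 14 Days]" section and reports a cut-off entry or a missing "< End of report >" marker. The field layout is an assumption inferred from the log lines on this page, and the sample lines are copied from the log posted above.

```python
import re
from datetime import datetime

END_MARKER = "< End of report >"
SECTION = "[Files/Folders - Created Within 14 Days]"

# Assumed layout: name -> path -> [date time | size | attrs | C] (company)
ENTRY = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| C\](?: \((?P<company>.*)\))?$"
)

# Sample lines copied from the log in this thread; the last one is cut off.
SAMPLE = r"""
[Files/Folders - Created Within 14 Days]
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009-08-13 20:04:44 | 00,022,040 | ---- | C] (Malwarebytes Corporation)
Config.Msi -> C:\Config.Msi -> [2009-08-13 05:48:24 | 00,000,000 | -HSD | C]
HijackThis.lnk -> C:\Users\Supremacy\Desktop\HijackThis.lnk -> [2009-08-13 17:48:56 | 00,002,089 | ---- | C] ()
CLWatson.ini -> C:\Windows\SysWow64\CLWatson.ini -> [2009-08-06 22:19:3
"""

def parse_created_section(log_text):
    """Return (entries, problems) for the 'Created Within 14 Days' section."""
    entries, problems = [], []
    lines = [line.strip() for line in log_text.splitlines()]
    if SECTION not in lines:
        return entries, ["section header missing"]
    for line in lines[lines.index(SECTION) + 1:]:
        if not line:
            continue
        if line.startswith("[") or line.startswith("<"):
            break  # next section header or the end marker
        m = ENTRY.match(line)
        if not m:
            problems.append("truncated or malformed entry: " + line)
            continue
        entries.append({
            "name": m["name"],
            "path": m["path"],
            "created": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "hidden_system": "H" in m["attrs"] and "S" in m["attrs"],
            "company": m["company"],  # None when the field is absent
        })
    nonempty = [line for line in lines if line]
    if not nonempty or nonempty[-1] != END_MARKER:
        problems.append("log does not end with " + END_MARKER)
    return entries, problems

if __name__ == "__main__":
    found, issues = parse_created_section(SAMPLE)
    print(len(found), "entries parsed;", len(issues), "problems")
```
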
    blackscorpion (Beginner)
    17 August 2009 - 06:44 #30
    Good morning.

    My PC has now been switched on for almost 15 hours as a test.
    And nothing.. it seems the problem is gone.

    Just a bit of a shame, since I think Wallpaper Juggler is really clever, so you don't have to look at the same picture all the time. :)

    Anyways.. post an answer and you'll get some points. :)

    And thanks for the help. :)
    sullep (Beginner)
    17 August 2009 - 08:28 #31
    You're welcome.

    Glad you got rid of it.
    johnstigers (Senior Master)
    17 August 2009 - 20:26 #32
    Just a bit of a shame, since I think Wallpaper Juggler is really clever, so you don't have to look at the same picture all the time. :)

    Don't you use your PC, since you just sit and stare at the wallpaper :)

    Try this: http://www.tropicalwares.com/wallmast.html
    Seems to be free of popups.
    blackscorpion (Beginner)
    19 August 2009 - 11:48 #33
    john... sure, but my DVD player is dead, so I have hooked the TV up to the PC.

    and I don't always get it switched off.
    besides, it's quite nice, when you're sitting and working, that it isn't the same picture on there constantly...

    after all, there's a reason people change their background picture now and then. :)