thanh Beginner
07 October 2009 - 12:56 There are 14 comments and 1 solution

Got a worm/downadup virus (japwamd.dll)

Hi everyone at Eksperten.

I got a virus of some kind via a USB device.

My antivirus popped up and told me that I had got 3 files containing the virus.

I was able to move one of the files to the vault (japwamd.dll), but nothing could be done about the others. When I start my computer I get an error message saying that japwamd.dll could not be found. Google can't find the file either.

What do I do?
f-arn Guru
07 October 2009 - 13:08 #1
Download "Malwarebytes' Anti-Malware" here: http://www.malwarebytes.org/mbam.php
Install and start the program, update it, and run a "Quick scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected" and post the log here together with a log from DDS, which you can find here: http://download.bleepingcomputer.com/sUBs/dds.scr

or here: http://www.forospyware.com/sUBs/dds

It creates two logs (DDS.txt and Attach.txt); save them to the desktop and copy the contents of DDS.txt in here.

NOTE - DDS must be saved to the computer and not run from the web

Regarding Vista: right-click the file - Run as Administrator.

NB: When you update Malwarebytes, keep clicking "Update" until it says there are no more updates.
thanh Beginner
07 October 2009 - 13:33 #2
Here are the two logs:

-------------anti malware log ------------------
Malwarebytes' Anti-Malware 1.41
Database version: 2917
Windows 6.0.6001 Service Pack 1

07-10-2009 13:21:34
mbam-log-2009-10-07 (13-21-34).txt

Skan type: Hurtig skanning
Objekter skannet: 93478
Tid tilbagelagt: 7 minute(s), 3 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 1
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.



---------- DDS.txt----------------

DDS (Ver_09-09-29.01) - NTFSx86 
Run by Trung Dinh at 13:22:52,00 on 07-10-2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Ultimate  6.0.6001.1.1252.45.1033.18.4093.2397 [GMT 2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)  {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Windows\vsnpstd3.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Quick Launch Button\QLButton.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Windows\tsnpstd3.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Trung Dinh\Desktop\dds.scr
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.google.dk/
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mLocal Page = c:\windows\syswow64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files (x86)\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files (x86)\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Rainlendar2] c:\program files (x86)\rainlendar2\Rainlendar2.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WindowsLivePhone] "c:\program files (x86)\windows live\device manager\msgrdvmn.exe" /AutoRun
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [AdobeBridge]
uRun: [kwlrxndv] rundll32.exe "c:\users\trung dinh\appdata\roaming\japwamd.dll",pefotvng
uRunOnce: [Shockwave Updater] c:\windows\syswow64\adobe\shockw~1\SWHELP~2.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 1.1.4322; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)
mRun: [QLButton] "c:\program files (x86)\quick launch button\QLButton.exe"
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG8_TRAY] c:\progra~2\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] "c:\program files (x86)\lavasoft\ad-aware\AAWTray.exe"
mRun: [WindowsLivePhone] c:\program files (x86)\windows live\device manager\msgrdvmn.exe /AutoRun
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~2\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /install /silent
dRun: [Picasa Media Detector] c:\program files (x86)\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\tb-tray.lnk - c:\program files (x86)\thunderbird-tray\TBTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files (x86)\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files (x86)\hp\smart web printing\hpswp_extensions.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~2\nuclea~1\videoget\plugins\VIDEOG~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
Trusted Zone: danskebank.dk
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg8\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\trungd~1\appdata\roaming\mozilla\firefox\profiles\mzrxxlg0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files (x86)\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\users\trung dinh\appdata\roaming\mozilla\firefox\profiles\mzrxxlg0.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - plugin: c:\program files (x86)\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\pxhlpa64.sys --> c:\windows\system32\drivers\PxHlpa64.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys --> c:\windows\system32\drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Minifilter x64 Resident Driver;c:\windows\system32\drivers\avgmfx64.sys --> c:\windows\system32\drivers\avgmfx64.sys [?]
R2 avg8wd;AVG8 WatchDog;c:\progra~2\avg\avg8\avgwdsvc.exe [2009-1-30 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-3-10 65536]
R2 SeaPort;SeaPort;c:\program files (x86)\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60a.sys --> c:\windows\system32\drivers\b57nd60a.sys [?]
R3 NETw4v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw4v64.sys --> c:\windows\system32\drivers\NETw4v64.sys [?]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys --> c:\windows\system32\drivers\winbondcir.sys [?]
S2 gupdate1c9fcd78abdc07d;Tjenesten Google Update (gupdate1c9fcd78abdc07d);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-7-4 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-3-31 93184]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\magix\common\database\bin\fbserver.exe [2009-5-3 1527900]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-9-8 1038088]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys --> c:\windows\system32\drivers\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files (x86)\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys --> c:\windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys --> c:\windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys --> c:\windows\system32\drivers\nmwcdnsux64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys --> c:\windows\system32\drivers\ccdcmbx64.sys [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2009-3-15 19968]
S3 Start BT in service;Start BT in service;c:\program files (x86)\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-3-14 47984]
S3 TVICHW64;TVICHW64;c:\windows\syswow64\drivers\TVICHW64.SYS [2008-3-29 21200]
S4 Usasacimpab;Usasacimpab; [x]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-10-07 13:13    <DIR>    --d-----    c:\users\trungd~1\appdata\roaming\Malwarebytes
2009-10-07 13:13    38,224    a-------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-07 13:13    <DIR>    --d-----    c:\programdata\Malwarebytes
2009-10-07 13:13    <DIR>    --d-----    c:\program files (x86)\Malwarebytes' Anti-Malware
2009-10-07 13:13    <DIR>    --d-----    c:\progra~3\Malwarebytes
2009-10-04 16:01    664,201,208    a-------    c:\windows\MEMORY.DMP
2009-09-27 12:32    <DIR>    --d-----    c:\programdata\McAfee
2009-09-26 11:33    <DIR>    --d-----    c:\program files (x86)\RadarSyncPcupz
2009-09-26 10:52    <DIR>    --d-----    c:\users\trungd~1\appdata\roaming\PoivY
2009-09-25 12:32    <DIR>    --d-----    c:\programdata\McAfee Security Scan
2009-09-25 12:32    <DIR>    --d-----    c:\progra~3\McAfee Security Scan
2009-09-25 12:32    <DIR>    --d-----    c:\program files (x86)\McAfee Security Scan
2009-09-20 15:54    <DIR>    --d-----    c:\program files (x86)\Desktop Color Finder
2009-09-20 15:35    <DIR>    --d-----    c:\program files (x86)\ROC Clock
2009-09-18 17:24    156,410    --------    c:\windows\hpoins15.dat.temp
2009-09-18 17:24    1,039    --------    c:\windows\hpomdl15.dat.temp
2009-09-18 09:34    499,712    a-------    c:\windows\system32\kerberos.dll
2009-09-18 09:34    213,504    a-------    c:\windows\system32\msv1_0.dll
2009-09-18 09:34    175,104    a-------    c:\windows\system32\wdigest.dll
2009-09-18 09:34    270,848    a-------    c:\windows\system32\schannel.dll
2009-09-18 09:34    76,800    a-------    c:\windows\system32\secur32.dll
2009-09-13 12:46    4,379,984    a-------    c:\windows\system32\D3DX9_40.dll
2009-09-13 12:46    2,036,576    a-------    c:\windows\system32\D3DCompiler_40.dll
2009-09-13 12:46    452,440    a-------    c:\windows\system32\d3dx10_40.dll
2009-09-13 12:45    <DIR>    --d-----    c:\program files (x86)\Heroes of Newerth
2009-09-12 16:29    <DIR>    --d-----    c:\users\trung dinh\GuppyLife
2009-09-11 18:16    2,868,224    a-------    c:\windows\system32\mf.dll
2009-09-11 18:15    104,960    a-------    c:\windows\system32\netiohlp.dll
2009-09-11 18:15    27,136    a-------    c:\windows\system32\NETSTAT.EXE
2009-09-11 18:15    19,968    a-------    c:\windows\system32\ARP.EXE
2009-09-11 18:15    10,240    a-------    c:\windows\system32\finger.exe
2009-09-11 18:15    9,728    a-------    c:\windows\system32\TCPSVCS.EXE
2009-09-11 18:15    17,920    a-------    c:\windows\system32\ROUTE.EXE
2009-09-11 18:15    11,264    a-------    c:\windows\system32\MRINFO.EXE
2009-09-11 18:15    8,704    a-------    c:\windows\system32\HOSTNAME.EXE
2009-09-11 18:15    17,920    a-------    c:\windows\system32\netevent.dll
2009-09-11 18:14    293,376    a-------    c:\windows\system32\wlanmsm.dll
2009-09-11 18:14    127,488    a-------    c:\windows\system32\L2SecHC.dll
2009-09-11 18:14    302,592    a-------    c:\windows\system32\wlansec.dll
2009-09-08 16:51    <DIR>    --d-----    c:\program files (x86)\common files\Sonic Shared

==================== Find3M  ====================

2009-10-06 17:32    194,274    a-------    c:\users\trungd~1\appdata\roaming\nvModes.dat
2009-09-10 23:04    143,360    a-------    c:\windows\inf\infstrng.dat
2009-09-10 23:04    86,016    a-------    c:\windows\inf\infstor.dat
2009-09-10 23:04    51,200    a-------    c:\windows\inf\infpub.dat
2009-08-28 14:50    331,776    a-------    c:\windows\apppatch\apppatch64\AcLayers.dll
2009-08-28 14:50    281,600    a-------    c:\windows\apppatch\apppatch64\AcGenral.dll
2009-08-28 14:50    100,352    a-------    c:\windows\apppatch\apppatch64\acspecfc.dll
2009-08-28 14:39    28,672    a-------    c:\windows\system32\Apphlpdm.dll
2009-08-28 14:39    173,056    a-------    c:\windows\apppatch\AcXtrnal.dll
2009-08-28 14:38    2,153,984    a-------    c:\windows\apppatch\AcGenral.dll
2009-08-28 14:38    541,696    a-------    c:\windows\apppatch\AcLayers.dll
2009-08-28 14:38    459,776    a-------    c:\windows\apppatch\AcSpecfc.dll
2009-08-28 12:15    4,240,384    a-------    c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-07 19:51    15,308,424    a-------    c:\windows\system32\xlive.dll
2009-08-07 19:51    13,642,888    a-------    c:\windows\system32\xlivefnt.dll
2009-08-03 01:00    43,698    a-------    c:\windows\system32\xvid-uninstall.exe
2009-07-25 05:23    411,368    a-------    c:\windows\system32\deploytk.dll
2009-07-21 23:52    915,456    a-------    c:\windows\system32\wininet.dll
2009-07-21 23:47    109,056    a-------    c:\windows\system32\iesysprep.dll
2009-07-21 23:47    71,680    a-------    c:\windows\system32\iesetup.dll
2009-07-21 22:13    133,632    a-------    c:\windows\system32\ieUnatt.exe
2009-07-17 16:35    71,680    a-------    c:\windows\system32\atl.dll
2009-07-14 15:00    313,344    a-------    c:\windows\system32\wmpdxm.dll
2009-07-14 14:59    4,096    a-------    c:\windows\system32\dxmasf.dll
2009-07-14 14:58    7,680    a-------    c:\windows\system32\spwmp.dll
2009-07-14 12:59    8,147,456    a-------    c:\windows\system32\wmploc.DLL
2009-03-19 15:14    174    a--sh---    c:\program files (x86)\desktop.ini
2009-03-19 14:53    665,600    a-------    c:\windows\inf\drvindex.dat
2008-03-17 21:11    300,302    a-------    c:\windows\inf\perflib\0406\perfi.dat
2008-03-17 21:11    300,302    a-------    c:\windows\inf\perflib\0406\perfh.dat
2008-03-17 21:11    36,364    a-------    c:\windows\inf\perflib\0406\perfd.dat
2008-03-17 21:11    36,364    a-------    c:\windows\inf\perflib\0406\perfc.dat
2006-11-02 17:14    287,440    a-------    c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 17:14    287,440    a-------    c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 17:14    30,674    a-------    c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 17:14    30,674    a-------    c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:52    287,440    a-------    c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 12:52    287,440    a-------    c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 12:52    30,674    a-------    c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 12:52    30,674    a-------    c:\windows\inf\perflib\0000\perfc.dat
2008-05-02 23:31    16,384    a--sh---    c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-05-02 23:31    32,768    a--sh---    c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-05-02 23:31    16,384    a--sh---    c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-02-15 20:29    23    a--sh---    c:\windows\system32\dbce5_g.dll

============= FINISH: 13:23:47,27 ===============
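
An added example (not posted by anyone in this thread) of triaging the autorun lines of a DDS log like the one above: it parses the `uRun`/`mRun` entries, flags any that launch `rundll32` on a DLL under a user-writable path, and marks an entry as orphaned when the DLL has already been quarantined, the state in which the autorun still fires at logon and reports a missing module. The function names, the path markers and the reading of the `u`/`m`/`d` prefixes as per-user, machine-wide and default-user Run values are assumptions of this example.

```python
import ntpath
import re
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple

# Autorun lines copied from the "Pseudo HJT Report" section of the DDS.txt above.
SAMPLE = r'''
uRun: [Rainlendar2] c:\program files (x86)\rainlendar2\Rainlendar2.exe
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge]
uRun: [kwlrxndv] rundll32.exe "c:\users\trung dinh\appdata\roaming\japwamd.dll",pefotvng
mRun: [AVG8_TRAY] c:\progra~2\avg\avg8\avgtray.exe
mRun: [<NO NAME>]
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
'''

# Assumption: DDS prefixes Run values with u (current user), m (machine), d (default user).
RUN_LINE = re.compile(
    r'^(?P<scope>[umd])(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\][ \t]*(?P<cmd>.*)$'
)

# rundll32 [path\]file.dll[,export], with or without quotes around either part.
RUNDLL = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*(?:,\s*(?P<export>\S+))?',
    re.IGNORECASE,
)

# Heuristic markers for locations a standard user can write to (assumption, not exhaustive;
# 8.3 short names such as trungd~1 are matched only through the surrounding directories).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\",
                 "\\documents and settings\\", "\\programdata\\")


class RunEntry(NamedTuple):
    scope: str    # 'u', 'm' or 'd' as printed by DDS
    key: str      # 'Run' or 'RunOnce'
    name: str     # registry value name
    command: str  # command line; empty when the value has no data


def parse_run_entries(text: str) -> List[RunEntry]:
    """Return every Run/RunOnce line found in a DDS log, in order."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(RunEntry(m["scope"], m["key"], m["name"], m["cmd"].strip()))
    return entries


def rundll_target(command: str) -> Optional[Tuple[str, Optional[str]]]:
    """If the command launches rundll32, return (dll_path, export_name), else None."""
    m = RUNDLL.match(command)
    if not m:
        return None
    return m["dll"].strip(), m["export"]


def triage(text: str, removed: Iterable[str] = ()) -> List[Dict[str, object]]:
    """Flag autoruns where rundll32 loads a DLL from a user-writable location.

    `removed` lists file names already quarantined or deleted by a scanner; a flagged
    entry whose DLL is in that list is orphaned: the file is gone but the Run value
    remains, so rundll32 still starts at logon and cannot find the module.
    """
    removed_names = {name.lower() for name in removed}
    findings = []
    for entry in parse_run_entries(text):
        target = rundll_target(entry.command)
        if target is None:
            continue
        dll, export = target
        if not any(marker in dll.lower() for marker in USER_WRITABLE):
            continue
        findings.append({
            "scope": entry.scope,
            "key": entry.key,
            "name": entry.name,
            "dll": dll,
            "export": export,
            "orphaned": ntpath.basename(dll).lower() in removed_names,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE, removed={"japwamd.dll"}):
        print(finding)
```
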
f-arn Guru
07 October 2009 - 16:47 #3
Download OldTimer's OTS and save it to the desktop.
http://oldtimer.geekstogo.com/OTS.exe

Double-click OTS, click Quick Scan; a log file will now open, copy the text in here.
thanh Beginner
07 October 2009 - 17:00 #4
[code]
OTS logfile created on: 07-10-2009 16:51:25 - Run 1
OTS by OldTimer - Version 3.0.20.3    Folder = C:\Users\Trung Dinh\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

4,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 39,98% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 53,15 Gb Free Space | 17,83% Space Free | Partition Type: NTFS
Drive D: | 15,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRUNGDINH-PC
Current User Name: Trung Dinh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Quick Scan

[Processes - Safe List]
acrotray.exe -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe -> [2008-06-11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.)
adskscsrv.exe -> C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -> [2009-01-28 14:00:57 | 00,079,360 | ---- | M] (Autodesk)
avgtray.exe -> C:\Program Files (x86)\AVG\AVG8\avgtray.exe -> [2009-10-06 09:06:49 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -> [2009-08-28 09:36:42 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2009-09-10 14:48:40 | 00,908,280 | ---- | M] (Mozilla Corporation)
flashutil10b.exe -> C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe -> [2009-02-03 04:07:18 | 00,240,544 | R--- | M] (Adobe Systems, Inc.)
googletoolbarnotifier.exe -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009-01-08 13:51:09 | 00,039,408 | ---- | M] (Google Inc.)
googletoolbarnotifier.exe -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009-01-08 13:51:09 | 00,039,408 | ---- | M] (Google Inc.)
googletoolbaruser_32.exe -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe -> [2009-07-26 20:49:56 | 00,277,104 | ---- | M] (Google Inc.)
ielowutil.exe -> C:\Program Files (x86)\Internet Explorer\IELowutil.exe -> [2009-03-08 13:34:00 | 00,115,712 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009-07-21 23:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009-07-21 23:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009-07-21 23:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009-07-21 23:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009-07-21 23:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
mscorsvw.exe -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008-07-27 20:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
msnmsgr.exe -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe -> [2009-07-26 16:44:14 | 03,883,856 | ---- | M] (Microsoft Corporation)
nmbgmonitor.exe -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe -> [2007-06-01 11:21:08 | 00,153,136 | ---- | M] (Nero AG)
nmbgmonitor.exe -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe -> [2007-06-01 11:21:08 | 00,153,136 | ---- | M] (Nero AG)
nmindexingservice.exe -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe -> [2007-06-01 11:21:30 | 00,271,920 | ---- | M] (Nero AG)
nmindexstoresvr.exe -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe -> [2007-06-01 11:21:30 | 01,209,904 | ---- | M] (Nero AG)
ots.exe -> C:\Users\Trung Dinh\Desktop\OTS.exe -> [2009-10-07 16:50:55 | 00,519,168 | ---- | M] (OldTimer Tools)
pnkbstra.exe -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2009-03-20 16:45:10 | 00,066,872 | ---- | M] ()
pnkbstra.exe -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2009-03-20 16:45:10 | 00,066,872 | ---- | M] ()
pnkbstra.exe -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2009-03-20 16:45:10 | 00,066,872 | ---- | M] ()
qlbutton.exe -> C:\Program Files (x86)\Quick Launch Button\QLButton.exe -> [2005-01-06 14:53:34 | 00,106,496 | ---- | M] (INVENTEC)
rainlendar2.exe -> C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe -> [2007-12-30 12:23:34 | 01,365,504 | ---- | M] ()
raysat_3dsmax2009_64server.exe -> C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -> [2008-03-10 01:08:42 | 00,065,536 | ---- | M] ()
raysat_3dsmax2009_64server.exe -> C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -> [2008-03-10 01:08:42 | 00,065,536 | ---- | M] ()
raysat_3dsmax2009_64server.exe -> C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -> [2008-03-10 01:08:42 | 00,065,536 | ---- | M] ()
seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2008-05-02 05:00:00 | 00,077,824 | ---- | M] ()
setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2008-05-02 05:00:00 | 00,077,824 | ---- | M] ()
setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2008-05-02 05:00:00 | 00,077,824 | ---- | M] ()
setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2008-05-02 05:00:00 | 00,077,824 | ---- | M] ()
setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2008-05-02 05:00:00 | 00,077,824 | ---- | M] ()
setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2008-05-02 05:00:00 | 00,077,824 | ---- | M] ()
tbtray.exe -> C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe -> [2005-11-08 22:02:44 | 00,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer)
tbtray.exe -> C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe -> [2005-11-08 22:02:44 | 00,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer)
tbtray.exe -> C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe -> [2005-11-08 22:02:44 | 00,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer)
tsnpstd3.exe -> C:\Windows\tsnpstd3.exe -> [2007-04-21 09:32:04 | 00,270,336 | ---- | M] ()
ventrilo 2.1.4.exe -> C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe -> [2003-12-22 17:36:14 | 00,581,632 | ---- | M] ()
ventrilo 2.1.4.exe -> C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe -> [2003-12-22 17:36:14 | 00,581,632 | ---- | M] ()
ventrilo 2.1.4.exe -> C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe -> [2003-12-22 17:36:14 | 00,581,632 | ---- | M] ()
ventrilo 2.1.4.exe -> C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe -> [2003-12-22 17:36:14 | 00,581,632 | ---- | M] ()
vsnpstd3.exe -> C:\Windows\vsnpstd3.exe -> [2006-09-19 09:07:28 | 00,827,392 | ---- | M] ()
wlcomm.exe -> C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe -> [2009-02-06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation)
wltuser.exe -> C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe -> [2009-02-06 19:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation)
wltuser.exe -> C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe -> [2009-02-06 19:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)

[Win32 Services - Safe List]
64bit-(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2008-01-19 10:00:52 | 00,195,584 | ---- | M] ()
64bit-(CscService) Offline Files [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\cscsvc.dll -> [2008-01-19 10:01:11 | 00,598,016 | ---- | M] ()
64bit-(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2007-02-21 12:49:30 | 00,568,320 | ---- | M] (Intel Corporation)
64bit-(Fax) Fax [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\fxssvc.exe -> [2008-01-19 10:00:17 | 00,689,152 | ---- | M] ()
64bit-(FLEXnet Licensing Service 64) FLEXnet Licensing Service 64 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -> [2009-09-08 16:26:22 | 01,038,088 | ---- | M] (Acresso Software Inc.)
64bit-(Irmon) Infrared monitor service [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\irmon.dll -> [2006-11-02 13:17:42 | 00,022,016 | ---- | M] ()
64bit-(LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -> [2008-05-02 03:49:54 | 00,160,272 | ---- | M] (Logitech, Inc.)
64bit-(mi-raysat_3dsMax2009_64) mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit [Win32_Own | Auto | Running] -> C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -> [2008-03-10 01:08:42 | 00,065,536 | ---- | M] ()
64bit-(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2007-02-21 12:29:54 | 00,367,104 | ---- | M] (Intel Corporation)
64bit-(UmRdpService) Terminal Services UserMode Port Redirector [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\umrdp.dll -> [2008-01-19 10:04:21 | 00,252,928 | ---- | M] ()
64bit-(usprserv) User Privilege Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\svchost.exe -> [2008-01-19 10:00:40 | 00,027,648 | ---- | M] ()
64bit-(wbengine) Block Level Backup Engine Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2008-01-19 10:00:43 | 01,147,904 | ---- | M] ()
64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008-01-19 10:06:50 | 00,383,544 | ---- | M] (Microsoft Corporation)
64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Running] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008-01-19 10:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation)
(Adobe Version Cue CS4) Adobe Version Cue CS4 [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -> [2008-08-15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated)
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -> [2009-01-28 14:00:57 | 00,079,360 | ---- | M] (Autodesk)
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -> [2009-08-28 09:36:42 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | Auto | Running] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008-07-27 20:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008-07-27 20:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008-01-19 10:00:14 | 00,344,064 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008-01-19 10:00:14 | 00,153,600 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006-11-02 17:03:44 | 00,015,360 | ---- | M] (Microsoft Corporation)
(FirebirdServerMAGIXInstance) Firebird Server - MAGIX Instance [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -> [2005-11-17 15:18:52 | 01,527,900 | ---- | M] (MAGIX®)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009-06-04 14:36:24 | 00,655,624 | ---- | M] (Acresso Software Inc.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008-06-20 03:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
(fsssvc) Windows Live-tjenesten Family Safety [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -> [2009-08-05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation)
(gupdate1c9fcd78abdc07d) Tjenesten Google Update (gupdate1c9fcd78abdc07d) [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -> [2009-07-04 20:44:50 | 00,133,104 | ---- | M] (Google Inc.)
(gusvc) Google Software Updater [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009-07-04 20:43:58 | 00,190,448 | ---- | M] (Google)
(hpqcxs08) hpqcxs08 [Win32_Shared | On_Demand | Running] -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -> [2007-03-11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Win32_Shared | Auto | Running] -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -> [2007-03-11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008-06-20 03:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod-tjeneste [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2007-09-14 10:59:56 | 00,503,608 | ---- | M] (Apple Inc.)
(KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Running] -> C:\Windows\SysWow64\keyiso.dll -> [2006-11-02 11:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
(mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> [2006-09-29 12:48:06 | 00,065,536 | ---- | M] ()
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2008-10-25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006-11-02 15:34:14 | 00,000,000 | ---D | M]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2007-04-13 22:09:56 | 00,792,112 | ---- | M] (Nero AG)
(Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2008-01-19 09:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation)
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe -> [2007-06-01 11:21:30 | 00,271,920 | ---- | M] (Nero AG)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008-11-04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> C:\Windows\SysWow64\PnkBstrA.exe -> [2009-03-20 16:45:10 | 00,066,872 | ---- | M] ()
(SeaPort) SeaPort [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
(ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -> [2008-11-11 10:38:06 | 00,620,544 | ---- | M] (Nokia.)
(Start BT in service) Start BT in service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -> [2007-03-14 15:57:42 | 00,047,984 | ---- | M] ()
(Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2009-06-22 19:17:14 | 00,322,032 | ---- | M] (Valve Corporation)
(vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006-11-02 08:35:15 | 00,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006-11-02 08:35:15 | 00,055,846 | ---- | M] ()

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> 1 ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.dk/ ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Users\Trung Dinh\AppData\Roaming\Mozilla\FireFox\Profiles\mzrxxlg0.default\prefs.js ->
browser.startup.homepage -> "http://www.google.com" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 ->
extensions.enabledItems -> {c50ca3c4-5656-43c2-a061-13e717f73fc8}:2.03 ->
extensions.enabledItems -> firebug@software.joehewitt.com:1.4.3 ->
extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2 ->
extensions.enabledItems -> {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
extensions.enabledItems -> {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.2 ->
extensions.enabledItems -> {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6 ->
extensions.enabledItems -> {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:1.4 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 ->
< FireFox Settings [User.js] > -> C:\Users\Trung Dinh\AppData\Roaming\Mozilla\FireFox\Profiles\mzrxxlg0.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  ->
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES (X86)\AVG\AVG8\FIREFOX [C:\PROGRAM FILES (X86)\AVG\AVG8\FIREFOX] -> [2009-06-26 10:09:16 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009-08-09 10:10:29 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions ->  ->
HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009-09-10 14:48:42 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2009-09-25 16:32:22 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions ->  ->
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\COMPONENTS] -> [2009-10-07 13:19:09 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\PLUGINS] -> [2009-09-08 16:37:45 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Extensions -> [2009-02-15 17:48:05 | 00,000,335 | ---- | M] ()
-> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009-02-15 17:48:05 | 00,000,335 | ---- | M] ()
-> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org -> [2009-02-15 17:48:05 | 00,000,335 | ---- | M] ()
-> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
-> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
-> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
-> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
-> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
-> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
-> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}-trash -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
-> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
-> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\firebug@software.joehewitt.com -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB} -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components -> [2009-09-10 14:48:42 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009-09-10 14:48:40 | 00,023,544 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009-09-10 14:48:40 | 00,137,208 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins -> [2009-09-25 16:32:22 | 00,000,000 | ---D | M]
libdivx.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\libdivx.dll -> [2009-05-01 23:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)
np-mswmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\np-mswmp.dll -> [2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation)
npdeploytk.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009-07-25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
npdivx32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdivx32.dll -> [2009-05-12 20:46:20 | 01,650,992 | ---- | M] (DivX,Inc.)
npdivx32.xpt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdivx32.xpt -> [2009-05-01 23:02:24 | 00,001,691 | ---- | M] ()
npDivxPlayerPlugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npDivxPlayerPlugin.dll -> [2009-05-19 00:41:32 | 00,098,304 | ---- | M] (DivX, Inc)
npnul32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009-09-10 14:48:40 | 00,065,016 | ---- | M] (mozilla.org)
NPOFF12.DLL -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\NPOFF12.DLL -> [2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation)
NPOFFICE.DLL -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\NPOFFICE.DLL -> [2007-03-22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation)
nppdf32.DEU -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppdf32.DEU -> [2008-06-12 02:24:00 | 00,006,144 | ---- | M] ()
nppdf32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008-06-11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.)
nppdf32.FRA -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppdf32.FRA -> [2008-06-12 02:15:50 | 00,006,144 | ---- | M] ()
nppl3260.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppl3260.dll -> [2006-10-07 05:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.)
npqtplugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009-02-27 14:53:40 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin2.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009-02-27 14:53:40 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin3.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009-02-27 14:53:40 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin4.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009-02-27 14:53:40 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin5.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009-02-27 14:53:41 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin6.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009-02-27 14:53:41 | 00,143,360 | ---- | M] (Apple Inc.)
npqtplugin7.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009-02-27 14:53:41 | 00,143,360 | ---- | M] (Apple Inc.)
nprpjplug.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nprpjplug.dll -> [2006-10-07 05:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.)
nsIDivxPlayerPlugin.xpt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nsIDivxPlayerPlugin.xpt -> [2009-05-01 23:02:32 | 00,000,297 | ---- | M] ()
QuickTimePlugin.class -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009-02-27 14:53:40 | 00,004,208 | ---- | M] ()
ssldivx.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ssldivx.dll -> [2009-05-01 23:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)
WMP Firefox Plugin License.rtf -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\WMP Firefox Plugin License.rtf -> [2007-03-30 10:43:58 | 00,149,569 | ---- | M] ()
WMP Firefox Plugin RelNotes.txt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\WMP Firefox Plugin RelNotes.txt -> [2007-03-30 10:43:58 | 00,003,352 | ---- | M] ()
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins -> [2009-07-01 01:28:51 | 00,000,000 | ---D | M]
amazon-co-uk.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\amazon-co-uk.xml -> [2009-06-24 14:39:30 | 00,001,525 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009-06-24 14:39:30 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009-06-24 14:39:30 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009-06-24 14:39:30 | 00,002,344 | ---- | M] ()
google.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\google.xml -> [2009-06-24 14:39:30 | 00,002,371 | ---- | M] ()
wikipedia-da.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\wikipedia-da.xml -> [2009-06-24 14:39:30 | 00,001,178 | ---- | M] ()
yahoo-dk.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\yahoo-dk.xml -> [2009-06-24 14:39:30 | 00,000,799 | ---- | M] ()
< HOSTS File > (3458 bytes and 98 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
First 25 entries...
Reset Hosts
::1            localhost
127.0.0.1                activate.adobe.com
127.0.0.1                practivate.adobe.com
127.0.0.1                ereg.adobe.com
127.0.0.1                activate.wip3.adobe.com
127.0.0.1                wip3.adobe.com
127.0.0.1                3dns-3.adobe.com
127.0.0.1                3dns-2.adobe.com
127.0.0.1                adobe-dns.adobe.com
127.0.0.1                adobe-dns-2.adobe.com
127.0.0.1                adobe-dns-3.adobe.com
127.0.0.1                ereg.wip3.adobe.com
127.0.0.1                activate-sea.adobe.com
127.0.0.1                wwis-dubc1-vip60.adobe.com
127.0.0.1                activate-sjc0.adobe.com
127.0.0.1                practivate.adobe.com
127.0.0.1                ereg.adobe.com
127.0.0.1                activate.wip3.adobe.com
127.0.0.1                wip3.adobe.com
127.0.0.1                3dns-3.adobe.com
127.0.0.1                3dns-2.adobe.com
127.0.0.1                adobe-dns.adobe.com
127.0.0.1                adobe-dns-2.adobe.com
127.0.0.1                adobe-dns-3.adobe.com
127.0.0.1                ereg.wip3.adobe.com
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} [HKLM] -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [Windows Live Family Safety Browser Helper Class] -> [2009-08-05 23:24:16 | 00,132,448 | ---- | M] (Microsoft Corporation)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [Google Toolbar Notifier BHO] -> [2009-07-26 20:51:41 | 00,318,960 | ---- | M] (Google Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2009-07-26 20:49:45 | 00,346,736 | ---- | M] (Google Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{053F9267-DC04-4294-A72C-58F732D338C0} [HKLM] -> C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll [HP Print Clips] -> [2007-03-02 16:52:08 | 00,177,768 | R--- | M] (Hewlett-Packard Co.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2008-06-11 22:33:22 | 00,061,816 | ---- | M] (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} [HKLM] -> C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll [ContributeBHO Class] -> [2008-09-10 01:07:52 | 00,136,560 | ---- | M] (Adobe Systems Incorporated.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008-06-11 22:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009-08-28 09:36:54 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009-05-19 11:36:18 | 00,137,600 | ---- | M] (Microsoft Corporation)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009-02-12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Hjælp til tilmelding til Windows Live] -> [2009-01-22 16:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [Google Toolbar Notifier BHO] -> [2009-07-26 20:51:41 | 00,761,840 | ---- | M] (Google Inc.)
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [Google Dictionary Compression sdch] -> [2009-07-26 20:49:39 | 00,458,736 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009-07-25 05:23:03 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009-02-06 19:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
{F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2009-07-26 20:49:44 | 00,256,112 | ---- | M] (Google Inc.)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2009-07-26 20:49:45 | 00,346,736 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009-02-06 19:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009-07-26 20:49:44 | 00,256,112 | ---- | M] (Google Inc.)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" [HKLM] -> C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll [Contribute Toolbar] -> [2008-09-10 01:07:52 | 00,136,560 | ---- | M] (Adobe Systems Incorporated.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2009-07-26 20:49:45 | 00,346,736 | ---- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009-07-26 20:49:44 | 00,256,112 | ---- | M] (Google Inc.)
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Kernel and Hardware Abstraction Layer" -> C:\Windows\KHALMNPR.Exe [KHALMNPR.EXE] -> [2008-02-29 04:16:12 | 00,242,192 | ---- | M] (Logitech, Inc.)
"LifeChat" -> C:\Program Files\Microsoft LifeChat\LifeChat.exe ["C:\Program Files\Microsoft LifeChat\LifeChat.exe"] -> [2008-08-21 12:17:24 | 00,380,448 | ---- | M] (Microsoft Corporation)
"Logitech Hardware Abstraction Layer" -> C:\Windows\KHALMNPR.Exe [KHALMNPR.EXE] -> [2008-02-29 04:16:12 | 00,242,192 | ---- | M] (Logitech, Inc.)
"NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008-03-18 13:51:15 | 10,824,224 | ---- | M] ()
"NvMediaCenter" -> C:\Windows\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008-03-18 13:51:29 | 00,081,440 | ---- | M] ()
"NvSvc" -> C:\Windows\SysNative\nvsvc64.DLL [RUNDLL32.EXE C:\Windows\system32\nvsvc64.dll,nvsvcStart] -> [2008-03-18 13:51:35 | 00,095,776 | ---- | M] ()
"RtHDVCpl" -> C:\Windows\RAVCpl64.exe [RAVCpl64.exe] -> [2008-02-26 17:23:08 | 05,723,648 | ---- | M] (Realtek Semiconductor)
"Skytel" -> C:\Windows\SkyTel.exe [Skytel.exe] -> [2007-11-20 19:15:58 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.)
"SMSERIAL" -> C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe] -> [2006-11-22 18:38:34 | 00,830,976 | ---- | M] (Motorola Inc.)
"snpstd3" -> C:\Windows\vsnpstd3.exe [C:\Windows\vsnpstd3.exe] -> [2006-09-19 09:07:28 | 00,827,392 | ---- | M] ()
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2007-12-06 18:12:50 | 01,216,808 | ---- | M] (Synaptics, Inc.)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008-01-19 10:07:02 | 01,584,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" ->  [] -> File not found
"Acrobat Assistant 8.0" -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe ["C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"] -> [2008-06-11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.)
"Adobe Acrobat Speed Launcher" -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe ["C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"] -> [2008-06-12 02:25:18 | 00,037,232 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008-10-15 02:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Adobe_ID0ENQBO" -> C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE] -> [2008-08-15 05:46:20 | 00,378,224 | ---- | M] (Adobe Systems Incorporated)
"AdobeCS4ServiceManager" -> C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe ["C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin] -> [2008-08-14 07:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated)
"Ad-Watch" -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe ["C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"] -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
"AVG8_TRAY" -> C:\Program Files (x86)\AVG\AVG8\avgtray.exe [C:\PROGRA~2\AVG\AVG8\avgtray.exe] -> [2009-10-06 09:06:49 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
"GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008-10-25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009-09-10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation)
"QLButton" -> C:\Program Files (x86)\Quick Launch Button\QLButton.exe ["C:\Program Files (x86)\Quick Launch Button\QLButton.exe"] -> [2005-01-06 14:53:34 | 00,106,496 | ---- | M] (INVENTEC)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"tsnpstd3" -> C:\Windows\tsnpstd3.exe [C:\Windows\tsnpstd3.exe] -> [2007-04-21 09:32:04 | 00,270,336 | ---- | M] ()
"WindowsLivePhone" -> C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe [C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun] -> [2008-12-22 15:59:20 | 00,787,816 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AdobeBridge" ->  [] -> File not found
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> [2007-06-01 11:21:08 | 00,153,136 | ---- | M] (Nero AG)
"ehTray.exe" -> C:\Windows\ehome\ehTray.exe [C:\Windows\ehome\ehTray.exe] -> [2008-01-19 10:00:14 | 00,138,240 | ---- | M] (Microsoft Corporation)
"kwlrxndv" ->  [rundll32.exe "C:\Users\Trung Dinh\AppData\Roaming\japwamd.dll",pefotvng] -> File not found
"Rainlendar2" -> C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe] -> [2007-12-30 12:23:34 | 01,365,504 | ---- | M] ()
"swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009-01-08 13:51:09 | 00,039,408 | ---- | M] (Google Inc.)
"WindowsLivePhone" -> C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe ["C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun] -> [2008-12-22 15:59:20 | 00,787,816 | ---- | M] (Microsoft Corporation)
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
< RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"Shockwave Updater" -> C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100458 -Mozilla\4.0 ( [C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 1.1.4322; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" ->  [1] -> File not found
\\"ForceActiveDesktopOn" ->  [0] -> File not found
\\"NoActiveDesktopChanges" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
\\"ConsentPromptBehaviorUser" ->  [1] -> File not found
\\"EnableInstallerDetection" ->  [1] -> File not found
\\"EnableLUA" ->  [1] -> File not found
\\"EnableSecureUIAPaths" ->  [1] -> File not found
\\"EnableVirtualization" ->  [1] -> File not found
\\"PromptOnSecureDesktop" ->  [1] -> File not found
\\"ValidateAdminCodeSignatures" ->  [0] -> File not found
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"scforceoption" ->  [0] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"FilterAdministratorToken" ->  [0] -> File not found
\\"EnableUIADesktopToggle" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Append Link Target to Existing PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Append to Existing PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Convert Link Target to Adobe PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
E&ksporter til Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009-05-04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Append Link Target to Existing PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Append to Existing PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Convert Link Target to Adobe PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
E&ksporter til Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009-05-04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog det] -> [2009-07-26 20:17:14 | 00,186,192 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog det i Windows Live Writer] -> [2009-07-26 20:17:14 | 00,186,192 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send til OneNote] -> [2008-10-25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end til OneNote] -> [2008-10-25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{58ECB495-38F0-49cb-A538-10282ABF65E7}:{E763472E-A716-4CD9-89BD-DBDA6122F741} [HKLM] -> C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll [Button: HP Klipsamling] -> [2007-03-02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
{700259D7-1666-479a-93B1-3250410481E8}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKLM] -> C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll [Button: HP Smart markering] -> [2007-03-02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
{88CFA58B-A63F-4A94-9C54-0C7A58E3333E}:{17A84966-F1E9-4645-AA9E-5E771EE1C859} [HKLM] -> C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll [Button: Add to VideoGet] -> [2008-04-07 16:06:14 | 00,449,536 | ---- | M] (Nuclear Coffee Software)
{88CFA58B-A63F-4A94-9C54-0C7A58E3333E}:{17A84966-F1E9-4645-AA9E-5E771EE1C859} [HKLM] -> C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll [Menu: Add to &VideoGet] -> [2008-04-07 16:06:14 | 00,449,536 | ---- | M] (Nuclear Coffee Software)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009-03-06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
Extension\.spop -> C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll [Reg Error: Value error.] -> [2001-08-01 18:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
danskebank.dk . -> Trusted sites ->
hansenberg.dk . -> Local intranet ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] ->
    {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
    {20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab [Checkers Class] ->
    {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
    {5C051655-FCD5-4969-9182-770EA5AA5565} [HKLM] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab [Solitaire Showdown Class] ->
    {5D6F45B3-9043-443D-A792-115447494D24} [HKLM] -> http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab [UnoCtrl Class] ->
    {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} [HKLM] -> http://www.systemrequirementslab.com/sysreqlab2.cab [System Requirements Lab Class] ->
    {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} [HKLM] -> http://www.acclaim.com/cabs/acclaim_v4.cab [GameLauncher Control] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
    {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} [HKLM] -> http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab [BatchDownloader Class] ->
    {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] ->
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
    {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab [Shockwave Flash Object] ->
    {D8575CE3-3432-4540-88A9-85A1325D3375} [HKLM] -> https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab [e-Safekey] ->
    {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 212.242.40.3 212.242.40.51 ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {0FAC619E-E2A4-4944-B5BF-6D1F73A1D9A8}\\DhcpNameServer -> 10.0.16.101 10.0.16.102  (Intel(R) Wireless WiFi Link 4965AGN) ->
    {632462B3-CCF2-4E4D-AF46-0E04569E75F7}\\DhcpNameServer -> 212.242.40.3 212.242.40.51  (Broadcom NetLink (TM) Gigabit Ethernet) ->
    < 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    avgrssta.dll -> C:\Windows\SysNative\avgrssta.dll -> [2009-08-28 09:37:10 | 00,012,464 | ---- | M] ()
    *MultiFile Done* -> ->
    < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\Windows\explorer.exe -> [2009-02-13 16:02:18 | 03,080,704 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009-02-13 16:02:18 | 02,927,104 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < 64bit-SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\S
f-arn Guru
07 October 2009 - 17:18 #5
You didn't include the whole log.
thanh Beginner
07 October 2009 - 17:52 #6
    [code]
    OTS logfile created on: 07-10-2009 16:51:25 - Run 1
    OTS by OldTimer - Version 3.0.20.3    Folder = C:\Users\Trung Dinh\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18813)
    Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

    4,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 39,98% Memory free
    4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298,09 Gb Total Space | 53,15 Gb Free Space | 17,83% Space Free | Partition Type: NTFS
    Drive D: | 15,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TRUNGDINH-PC
    Current User Name: Trung Dinh
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Quick Scan

    [Processes - Safe List]
    acrotray.exe -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe -> [2008-06-11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.)
    adskscsrv.exe -> C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -> [2009-01-28 14:00:57 | 00,079,360 | ---- | M] (Autodesk)
    avgtray.exe -> C:\Program Files (x86)\AVG\AVG8\avgtray.exe -> [2009-10-06 09:06:49 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -> [2009-08-28 09:36:42 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
    firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2009-09-10 14:48:40 | 00,908,280 | ---- | M] (Mozilla Corporation)
    flashutil10b.exe -> C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe -> [2009-02-03 04:07:18 | 00,240,544 | R--- | M] (Adobe Systems, Inc.)
    googletoolbarnotifier.exe -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009-01-08 13:51:09 | 00,039,408 | ---- | M] (Google Inc.)
    googletoolbarnotifier.exe -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2009-01-08 13:51:09 | 00,039,408 | ---- | M] (Google Inc.)
    googletoolbaruser_32.exe -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe -> [2009-07-26 20:49:56 | 00,277,104 | ---- | M] (Google Inc.)
    ielowutil.exe -> C:\Program Files (x86)\Internet Explorer\IELowutil.exe -> [2009-03-08 13:34:00 | 00,115,712 | ---- | M] (Microsoft Corporation)
    iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009-07-21 23:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
    iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009-07-21 23:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
    iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009-07-21 23:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
    iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009-07-21 23:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
    iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009-07-21 23:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation)
    jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
    mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
    mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
    mscorsvw.exe -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008-07-27 20:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
    msnmsgr.exe -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe -> [2009-07-26 16:44:14 | 03,883,856 | ---- | M] (Microsoft Corporation)
    nmbgmonitor.exe -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe -> [2007-06-01 11:21:08 | 00,153,136 | ---- | M] (Nero AG)
    nmbgmonitor.exe -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe -> [2007-06-01 11:21:08 | 00,153,136 | ---- | M] (Nero AG)
    nmindexingservice.exe -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe -> [2007-06-01 11:21:30 | 00,271,920 | ---- | M] (Nero AG)
    nmindexstoresvr.exe -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe -> [2007-06-01 11:21:30 | 01,209,904 | ---- | M] (Nero AG)
    ots.exe -> C:\Users\Trung Dinh\Desktop\OTS.exe -> [2009-10-07 16:50:55 | 00,519,168 | ---- | M] (OldTimer Tools)
    pnkbstra.exe -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2009-03-20 16:45:10 | 00,066,872 | ---- | M] ()
    pnkbstra.exe -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2009-03-20 16:45:10 | 00,066,872 | ---- | M] ()
    pnkbstra.exe -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2009-03-20 16:45:10 | 00,066,872 | ---- | M] ()
    qlbutton.exe -> C:\Program Files (x86)\Quick Launch Button\QLButton.exe -> [2005-01-06 14:53:34 | 00,106,496 | ---- | M] (INVENTEC)
    rainlendar2.exe -> C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe -> [2007-12-30 12:23:34 | 01,365,504 | ---- | M] ()
    raysat_3dsmax2009_64server.exe -> C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -> [2008-03-10 01:08:42 | 00,065,536 | ---- | M] ()
    raysat_3dsmax2009_64server.exe -> C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -> [2008-03-10 01:08:42 | 00,065,536 | ---- | M] ()
    raysat_3dsmax2009_64server.exe -> C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -> [2008-03-10 01:08:42 | 00,065,536 | ---- | M] ()
    seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2008-05-02 05:00:00 | 00,077,824 | ---- | M] ()
    setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2008-05-02 05:00:00 | 00,077,824 | ---- | M] ()
    setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2008-05-02 05:00:00 | 00,077,824 | ---- | M] ()
    setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2008-05-02 05:00:00 | 00,077,824 | ---- | M] ()
    setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2008-05-02 05:00:00 | 00,077,824 | ---- | M] ()
    setpoint32.exe -> C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe -> [2008-05-02 05:00:00 | 00,077,824 | ---- | M] ()
    tbtray.exe -> C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe -> [2005-11-08 22:02:44 | 00,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer)
    tbtray.exe -> C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe -> [2005-11-08 22:02:44 | 00,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer)
    tbtray.exe -> C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe -> [2005-11-08 22:02:44 | 00,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer)
    tsnpstd3.exe -> C:\Windows\tsnpstd3.exe -> [2007-04-21 09:32:04 | 00,270,336 | ---- | M] ()
    ventrilo 2.1.4.exe -> C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe -> [2003-12-22 17:36:14 | 00,581,632 | ---- | M] ()
    ventrilo 2.1.4.exe -> C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe -> [2003-12-22 17:36:14 | 00,581,632 | ---- | M] ()
    ventrilo 2.1.4.exe -> C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe -> [2003-12-22 17:36:14 | 00,581,632 | ---- | M] ()
    ventrilo 2.1.4.exe -> C:\Program Files\VentriloMIX\Ventrilo 2.1.4.exe -> [2003-12-22 17:36:14 | 00,581,632 | ---- | M] ()
    vsnpstd3.exe -> C:\Windows\vsnpstd3.exe -> [2006-09-19 09:07:28 | 00,827,392 | ---- | M] ()
    wlcomm.exe -> C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe -> [2009-02-06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation)
    wltuser.exe -> C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe -> [2009-02-06 19:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation)
    wltuser.exe -> C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe -> [2009-02-06 19:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation)
    aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
    aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
    aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
    aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
    aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
    aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
    aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
    aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
    aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
    aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
    aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
    aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
    aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
    aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
    aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)

    [Win32 Services - Safe List]
    64bit-(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2008-01-19 10:00:52 | 00,195,584 | ---- | M] ()
    64bit-(CscService) Offline Files [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\cscsvc.dll -> [2008-01-19 10:01:11 | 00,598,016 | ---- | M] ()
    64bit-(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2007-02-21 12:49:30 | 00,568,320 | ---- | M] (Intel Corporation)
    64bit-(Fax) Fax [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\fxssvc.exe -> [2008-01-19 10:00:17 | 00,689,152 | ---- | M] ()
    64bit-(FLEXnet Licensing Service 64) FLEXnet Licensing Service 64 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -> [2009-09-08 16:26:22 | 01,038,088 | ---- | M] (Acresso Software Inc.)
    64bit-(Irmon) Infrared monitor service [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\irmon.dll -> [2006-11-02 13:17:42 | 00,022,016 | ---- | M] ()
    64bit-(LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -> [2008-05-02 03:49:54 | 00,160,272 | ---- | M] (Logitech, Inc.)
    64bit-(mi-raysat_3dsMax2009_64) mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit [Win32_Own | Auto | Running] -> C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -> [2008-03-10 01:08:42 | 00,065,536 | ---- | M] ()
    64bit-(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2007-02-21 12:29:54 | 00,367,104 | ---- | M] (Intel Corporation)
    64bit-(UmRdpService) Terminal Services UserMode Port Redirector [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysNative\umrdp.dll -> [2008-01-19 10:04:21 | 00,252,928 | ---- | M] ()
    64bit-(usprserv) User Privilege Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\svchost.exe -> [2008-01-19 10:00:40 | 00,027,648 | ---- | M] ()
    64bit-(wbengine) Block Level Backup Engine Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2008-01-19 10:00:43 | 01,147,904 | ---- | M] ()
    64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008-01-19 10:06:50 | 00,383,544 | ---- | M] (Microsoft Corporation)
    64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Running] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008-01-19 10:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation)
    (Adobe Version Cue CS4) Adobe Version Cue CS4 [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -> [2008-08-15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated)
    (Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -> [2009-01-28 14:00:57 | 00,079,360 | ---- | M] (Autodesk)
    (avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -> [2009-08-28 09:36:42 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
    (Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.)
    (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | Auto | Running] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008-07-27 20:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
    (clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008-07-27 20:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
    (ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008-01-19 10:00:14 | 00,344,064 | ---- | M] (Microsoft Corporation)
    (ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008-01-19 10:00:14 | 00,153,600 | ---- | M] (Microsoft Corporation)
    (ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006-11-02 17:03:44 | 00,015,360 | ---- | M] (Microsoft Corporation)
    (FirebirdServerMAGIXInstance) Firebird Server - MAGIX Instance [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -> [2005-11-17 15:18:52 | 01,527,900 | ---- | M] (MAGIX®)
    (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009-06-04 14:36:24 | 00,655,624 | ---- | M] (Acresso Software Inc.)
    (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008-06-20 03:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
    (fsssvc) Windows Live-tjenesten Family Safety [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -> [2009-08-05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation)
    (gupdate1c9fcd78abdc07d) Tjenesten Google Update (gupdate1c9fcd78abdc07d) [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -> [2009-07-04 20:44:50 | 00,133,104 | ---- | M] (Google Inc.)
    (gusvc) Google Software Updater [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009-07-04 20:43:58 | 00,190,448 | ---- | M] (Google)
    (hpqcxs08) hpqcxs08 [Win32_Shared | On_Demand | Running] -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -> [2007-03-11 21:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.)
    (hpqddsvc) HP CUE DeviceDiscovery Service [Win32_Shared | Auto | Running] -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -> [2007-03-11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.)
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005-04-04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008-06-20 03:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
    (iPod Service) iPod-tjeneste [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2007-09-14 10:59:56 | 00,503,608 | ---- | M] (Apple Inc.)
    (KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Running] -> C:\Windows\SysWow64\keyiso.dll -> [2006-11-02 11:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
    (Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009-09-27 15:26:18 | 01,028,432 | ---- | M] (Lavasoft)
    (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -> [2006-09-29 12:48:06 | 00,065,536 | ---- | M] ()
    (Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2008-10-25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation)
    (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006-11-02 15:34:14 | 00,000,000 | ---D | M]
    (NBService) NBService [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe -> [2007-04-13 22:09:56 | 00,792,112 | ---- | M] (Nero AG)
    (Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2008-01-19 09:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation)
    (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe -> [2007-06-01 11:21:30 | 00,271,920 | ---- | M] (Nero AG)
    (odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008-11-04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
    (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
    (PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> C:\Windows\SysWow64\PnkBstrA.exe -> [2009-03-20 16:45:10 | 00,066,872 | ---- | M] ()
    (SeaPort) SeaPort [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009-05-19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -> [2008-11-11 10:38:06 | 00,620,544 | ---- | M] (Nokia.)
    (Start BT in service) Start BT in service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -> [2007-03-14 15:57:42 | 00,047,984 | ---- | M] ()
    (Steam Client Service) Steam Client Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2009-06-22 19:17:14 | 00,322,032 | ---- | M] (Valve Corporation)
    (vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006-11-02 08:35:15 | 00,060,994 | ---- | M] ()
    (VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006-11-02 08:35:15 | 00,055,846 | ---- | M] ()

    [Registry - Safe List]
    < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] ->
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.yahoo.com/ ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] ->
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com ->
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/ ->
    HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> 1 ->
    HKEY_CURRENT_USER\: Main\\"Search Page" -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com ->
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.dk/ ->
    HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
    HKEY_CURRENT_USER\: SearchURL\\"" -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com ->
    HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
    HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
    < FireFox Settings [Prefs.js] > -> C:\Users\Trung Dinh\AppData\Roaming\Mozilla\FireFox\Profiles\mzrxxlg0.default\prefs.js ->
    browser.startup.homepage -> "http://www.google.com" ->
    extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 ->
    extensions.enabledItems -> {c50ca3c4-5656-43c2-a061-13e717f73fc8}:2.03 ->
    extensions.enabledItems -> firebug@software.joehewitt.com:1.4.3 ->
    extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2 ->
    extensions.enabledItems -> {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 ->
    extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
    extensions.enabledItems -> {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.2 ->
    extensions.enabledItems -> {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6 ->
    extensions.enabledItems -> {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:1.4 ->
    extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3 ->
    < FireFox Settings [User.js] > -> C:\Users\Trung Dinh\AppData\Roaming\Mozilla\FireFox\Profiles\mzrxxlg0.default\user.js ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  ->
    HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\PROGRAM FILES (X86)\AVG\AVG8\FIREFOX [C:\PROGRAM FILES (X86)\AVG\AVG8\FIREFOX] -> [2009-06-26 10:09:16 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009-08-09 10:10:29 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions ->  ->
    HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009-09-10 14:48:42 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2009-09-25 16:32:22 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions ->  ->
    HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\COMPONENTS] -> [2009-10-07 13:19:09 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\PLUGINS] -> [2009-09-08 16:37:45 | 00,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > ->
    -> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Extensions -> [2009-02-15 17:48:05 | 00,000,335 | ---- | M] ()
    -> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009-02-15 17:48:05 | 00,000,335 | ---- | M] ()
    -> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org -> [2009-02-15 17:48:05 | 00,000,335 | ---- | M] ()
    -> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
    -> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
    -> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
    -> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
    -> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
    -> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
    -> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}-trash -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
    -> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
    -> C:\Users\Trung Dinh\AppData\Roaming\mozilla\Firefox\Profiles\mzrxxlg0.default\extensions\firebug@software.joehewitt.com -> [2009-10-05 13:05:02 | 00,104,862 | ---- | M] ()
    < FireFox Extensions [Program Folders] > ->
    -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
    -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB} -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
    -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
    -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
    -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
    -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
    -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} -> [2009-09-10 14:48:42 | 10,776,568 | ---- | M] (Mozilla Foundation)
    < FireFox Components [Program Folders] > ->
    C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components -> [2009-09-10 14:48:42 | 00,000,000 | ---D | M]
    browserdirprovider.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009-09-10 14:48:40 | 00,023,544 | ---- | M] (Mozilla Foundation)
    brwsrcmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009-09-10 14:48:40 | 00,137,208 | ---- | M] (Mozilla Foundation)
    < FireFox Plugins [Program Folders] > ->
    C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins -> [2009-09-25 16:32:22 | 00,000,000 | ---D | M]
    libdivx.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\libdivx.dll -> [2009-05-01 23:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)
    np-mswmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\np-mswmp.dll -> [2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation)
    npdeploytk.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009-07-25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
    npdivx32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdivx32.dll -> [2009-05-12 20:46:20 | 01,650,992 | ---- | M] (DivX,Inc.)
    npdivx32.xpt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdivx32.xpt -> [2009-05-01 23:02:24 | 00,001,691 | ---- | M] ()
    npDivxPlayerPlugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npDivxPlayerPlugin.dll -> [2009-05-19 00:41:32 | 00,098,304 | ---- | M] (DivX, Inc)
    npnul32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009-09-10 14:48:40 | 00,065,016 | ---- | M] (mozilla.org)
    NPOFF12.DLL -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\NPOFF12.DLL -> [2006-10-26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation)
    NPOFFICE.DLL -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\NPOFFICE.DLL -> [2007-03-22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation)
    nppdf32.DEU -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppdf32.DEU -> [2008-06-12 02:24:00 | 00,006,144 | ---- | M] ()
    nppdf32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008-06-11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.)
    nppdf32.FRA -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppdf32.FRA -> [2008-06-12 02:15:50 | 00,006,144 | ---- | M] ()
    nppl3260.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppl3260.dll -> [2006-10-07 05:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.)
    npqtplugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009-02-27 14:53:40 | 00,143,360 | ---- | M] (Apple Inc.)
    npqtplugin2.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009-02-27 14:53:40 | 00,143,360 | ---- | M] (Apple Inc.)
    npqtplugin3.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009-02-27 14:53:40 | 00,143,360 | ---- | M] (Apple Inc.)
    npqtplugin4.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009-02-27 14:53:40 | 00,143,360 | ---- | M] (Apple Inc.)
    npqtplugin5.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009-02-27 14:53:41 | 00,143,360 | ---- | M] (Apple Inc.)
    npqtplugin6.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009-02-27 14:53:41 | 00,143,360 | ---- | M] (Apple Inc.)
    npqtplugin7.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009-02-27 14:53:41 | 00,143,360 | ---- | M] (Apple Inc.)
    nprpjplug.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nprpjplug.dll -> [2006-10-07 05:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.)
    nsIDivxPlayerPlugin.xpt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nsIDivxPlayerPlugin.xpt -> [2009-05-01 23:02:32 | 00,000,297 | ---- | M] ()
    QuickTimePlugin.class -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009-02-27 14:53:40 | 00,004,208 | ---- | M] ()
    ssldivx.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ssldivx.dll -> [2009-05-01 23:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/)
    WMP Firefox Plugin License.rtf -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\WMP Firefox Plugin License.rtf -> [2007-03-30 10:43:58 | 00,149,569 | ---- | M] ()
    WMP Firefox Plugin RelNotes.txt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\WMP Firefox Plugin RelNotes.txt -> [2007-03-30 10:43:58 | 00,003,352 | ---- | M] ()
    < FireFox SearchPlugins [Program Folders] > ->
    C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins -> [2009-07-01 01:28:51 | 00,000,000 | ---D | M]
    amazon-co-uk.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\amazon-co-uk.xml -> [2009-06-24 14:39:30 | 00,001,525 | ---- | M] ()
    answers.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009-06-24 14:39:30 | 00,002,193 | ---- | M] ()
    creativecommons.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009-06-24 14:39:30 | 00,001,534 | ---- | M] ()
    eBay.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009-06-24 14:39:30 | 00,002,344 | ---- | M] ()
    google.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\google.xml -> [2009-06-24 14:39:30 | 00,002,371 | ---- | M] ()
    wikipedia-da.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\wikipedia-da.xml -> [2009-06-24 14:39:30 | 00,001,178 | ---- | M] ()
    yahoo-dk.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\yahoo-dk.xml -> [2009-06-24 14:39:30 | 00,000,799 | ---- | M] ()
    < HOSTS File > (3458 bytes and 98 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
    First 25 entries...
    Reset Hosts
    ::1            localhost
    127.0.0.1 activate.adobe.com
    127.0.0.1                practivate.adobe.com
    127.0.0.1                ereg.adobe.com
    127.0.0.1                activate.wip3.adobe.com
    127.0.0.1                wip3.adobe.com
    127.0.0.1                3dns-3.adobe.com
    127.0.0.1                3dns-2.adobe.com
    127.0.0.1                adobe-dns.adobe.com
    127.0.0.1                adobe-dns-2.adobe.com
    127.0.0.1                adobe-dns-3.adobe.com
    127.0.0.1                ereg.wip3.adobe.com
    127.0.0.1                activate-sea.adobe.com
    127.0.0.1                wwis-dubc1-vip60.adobe.com
    127.0.0.1                activate-sjc0.adobe.com
    127.0.0.1                practivate.adobe.com
    127.0.0.1                ereg.adobe.com
    127.0.0.1                activate.wip3.adobe.com
    127.0.0.1                wip3.adobe.com
    127.0.0.1                3dns-3.adobe.com
    127.0.0.1                3dns-2.adobe.com
    127.0.0.1                adobe-dns.adobe.com
    127.0.0.1                adobe-dns-2.adobe.com
    127.0.0.1                adobe-dns-3.adobe.com
    127.0.0.1                ereg.wip3.adobe.com
    < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} [HKLM] -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [Windows Live Family Safety Browser Helper Class] -> [2009-08-05 23:24:16 | 00,132,448 | ---- | M] (Microsoft Corporation)
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [Google Toolbar Notifier BHO] -> [2009-07-26 20:51:41 | 00,318,960 | ---- | M] (Google Inc.)
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2009-07-26 20:49:45 | 00,346,736 | ---- | M] (Google Inc.)
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {053F9267-DC04-4294-A72C-58F732D338C0} [HKLM] -> C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll [HP Print Clips] -> [2007-03-02 16:52:08 | 00,177,768 | R--- | M] (Hewlett-Packard Co.)
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2008-06-11 22:33:22 | 00,061,816 | ---- | M] (Adobe Systems Incorporated)
    {074C1DC5-9320-4A9A-947D-C042949C6216} [HKLM] -> C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll [ContributeBHO Class] -> [2008-09-10 01:07:52 | 00,136,560 | ---- | M] (Adobe Systems Incorporated.)
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008-06-11 22:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009-08-28 09:36:54 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
    {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009-05-19 11:36:18 | 00,137,600 | ---- | M] (Microsoft Corporation)
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009-02-12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
    {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Hjælp til tilmelding til Windows Live] -> [2009-01-22 16:41:30 | 00,408,448 | ---- | M] (Microsoft Corporation)
    {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [Google Toolbar Notifier BHO] -> [2009-07-26 20:51:41 | 00,761,840 | ---- | M] (Google Inc.)
    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [Google Dictionary Compression sdch] -> [2009-07-26 20:49:39 | 00,458,736 | ---- | M] (Google Inc.)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009-07-25 05:23:03 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
    {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009-02-06 19:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
    {F4971EE7-DAA0-4053-9964-665D8EE6A077} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [SmartSelect Class] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
    {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2009-07-26 20:49:44 | 00,256,112 | ---- | M] (Google Inc.)
    < 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2009-07-26 20:49:45 | 00,346,736 | ---- | M] (Google Inc.)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009-02-06 19:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009-07-26 20:49:44 | 00,256,112 | ---- | M] (Google Inc.)
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
    "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" [HKLM] -> C:\Program Files (x86)\Adobe\Adobe Contribute CS4\contributeieplugin.dll [Contribute Toolbar] -> [2008-09-10 01:07:52 | 00,136,560 | ---- | M] (Adobe Systems Incorporated.)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2009-07-26 20:49:45 | 00,346,736 | ---- | M] (Google Inc.)
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009-07-26 20:49:44 | 00,256,112 | ---- | M] (Google Inc.)
    WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe PDF] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
    WebBrowser\\"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Kernel and Hardware Abstraction Layer" -> C:\Windows\KHALMNPR.Exe [KHALMNPR.EXE] -> [2008-02-29 04:16:12 | 00,242,192 | ---- | M] (Logitech, Inc.)
    "LifeChat" -> C:\Program Files\Microsoft LifeChat\LifeChat.exe ["C:\Program Files\Microsoft LifeChat\LifeChat.exe"] -> [2008-08-21 12:17:24 | 00,380,448 | ---- | M] (Microsoft Corporation)
    "Logitech Hardware Abstraction Layer" -> C:\Windows\KHALMNPR.Exe [KHALMNPR.EXE] -> [2008-02-29 04:16:12 | 00,242,192 | ---- | M] (Logitech, Inc.)
    "NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008-03-18 13:51:15 | 10,824,224 | ---- | M] ()
    "NvMediaCenter" -> C:\Windows\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008-03-18 13:51:29 | 00,081,440 | ---- | M] ()
    "NvSvc" -> C:\Windows\SysNative\nvsvc64.DLL [RUNDLL32.EXE C:\Windows\system32\nvsvc64.dll,nvsvcStart] -> [2008-03-18 13:51:35 | 00,095,776 | ---- | M] ()
    "RtHDVCpl" -> C:\Windows\RAVCpl64.exe [RAVCpl64.exe] -> [2008-02-26 17:23:08 | 05,723,648 | ---- | M] (Realtek Semiconductor)
    "Skytel" -> C:\Windows\SkyTel.exe [Skytel.exe] -> [2007-11-20 19:15:58 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.)
    "SMSERIAL" -> C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe] -> [2006-11-22 18:38:34 | 00,830,976 | ---- | M] (Motorola Inc.)
    "snpstd3" -> C:\Windows\vsnpstd3.exe [C:\Windows\vsnpstd3.exe] -> [2006-09-19 09:07:28 | 00,827,392 | ---- | M] ()
    "SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2007-12-06 18:12:50 | 01,216,808 | ---- | M] (Synaptics, Inc.)
    "Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008-01-19 10:07:02 | 01,584,184 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "" ->  [] -> File not found
    "Acrobat Assistant 8.0" -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe ["C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"] -> [2008-06-11 22:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.)
    "Adobe Acrobat Speed Launcher" -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe ["C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"] -> [2008-06-12 02:25:18 | 00,037,232 | ---- | M] (Adobe Systems Incorporated)
    "Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008-10-15 02:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
    "Adobe_ID0ENQBO" -> C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE] -> [2008-08-15 05:46:20 | 00,378,224 | ---- | M] (Adobe Systems Incorporated)
    "AdobeCS4ServiceManager" -> C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe ["C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin] -> [2008-08-14 07:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated)
    "Ad-Watch" -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe ["C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"] -> [2009-09-27 15:26:20 | 00,520,024 | ---- | M] (Lavasoft)
    "AVG8_TRAY" -> C:\Program Files (x86)\AVG\AVG8\avgtray.exe [C:\PROGRA~2\AVG\AVG8\avgtray.exe] -> [2009-10-06 09:06:49 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
    "GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2008-10-25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation)
    "Malwarebytes Anti-Malware (reboot)" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009-09-10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation)
    "QLButton" -> C:\Program Files (x86)\Quick Launch Button\QLButton.exe ["C:\Program Files (x86)\Quick Launch Button\QLButton.exe"] -> [2005-01-06 14:53:34 | 00,106,496 | ---- | M] (INVENTEC)
    "SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009-07-25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
    "tsnpstd3" -> C:\Windows\tsnpstd3.exe [C:\Windows\tsnpstd3.exe] -> [2007-04-21 09:32:04 | 00,270,336 | ---- | M] ()
    "WindowsLivePhone" -> C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe [C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe /AutoRun] -> [2008-12-22 15:59:20 | 00,787,816 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "AdobeBridge" ->  [] -> File not found
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> [2007-06-01 11:21:08 | 00,153,136 | ---- | M] (Nero AG)
    "ehTray.exe" -> C:\Windows\ehome\ehTray.exe [C:\Windows\ehome\ehTray.exe] -> [2008-01-19 10:00:14 | 00,138,240 | ---- | M] (Microsoft Corporation)
    "kwlrxndv" ->  [rundll32.exe "C:\Users\Trung Dinh\AppData\Roaming\japwamd.dll",pefotvng] -> File not found
    "Rainlendar2" -> C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe] -> [2007-12-30 12:23:34 | 01,365,504 | ---- | M] ()
    "swg" -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2009-01-08 13:51:09 | 00,039,408 | ---- | M] (Google Inc.)
    "WindowsLivePhone" -> C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe ["C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun] -> [2008-12-22 15:59:20 | 00,787,816 | ---- | M] (Microsoft Corporation)
    "WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
    < RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
    "Shockwave Updater" -> C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100458 -Mozilla\4.0 ( [C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 1.1.4322; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoActiveDesktop" ->  [1] -> File not found
    \\"ForceActiveDesktopOn" ->  [0] -> File not found
    \\"NoActiveDesktopChanges" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"ConsentPromptBehaviorAdmin" ->  [2] -> File not found
    \\"ConsentPromptBehaviorUser" ->  [1] -> File not found
    \\"EnableInstallerDetection" ->  [1] -> File not found
    \\"EnableLUA" ->  [1] -> File not found
    \\"EnableSecureUIAPaths" ->  [1] -> File not found
    \\"EnableVirtualization" ->  [1] -> File not found
    \\"PromptOnSecureDesktop" ->  [1] -> File not found
    \\"ValidateAdminCodeSignatures" ->  [0] -> File not found
    \\"dontdisplaylastusername" ->  [0] -> File not found
    \\"legalnoticecaption" ->  [] -> File not found
    \\"legalnoticetext" ->  [] -> File not found
    \\"scforceoption" ->  [0] -> File not found
    \\"shutdownwithoutlogon" ->  [1] -> File not found
    \\"undockwithoutlogon" ->  [1] -> File not found
    \\"FilterAdministratorToken" ->  [0] -> File not found
    \\"EnableUIADesktopToggle" ->  [0] -> File not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    \UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" ->  [1] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" ->  [2] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" ->  [7] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_DIB" ->  [8] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" ->  [9] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" ->  [13] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" ->  [17] -> File not found
    < 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    Append Link Target to Existing PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
    Append to Existing PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
    Convert Link Target to Adobe PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
    Convert to Adobe PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
    E&ksporter til Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009-05-04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    Append Link Target to Existing PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
    Append to Existing PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
    Convert Link Target to Adobe PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
    Convert to Adobe PDF -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html] -> [2008-06-11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
    E&ksporter til Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000] -> [2009-05-04 08:40:04 | 18,333,536 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog det] -> [2009-07-26 20:17:14 | 00,186,192 | ---- | M] (Microsoft Corporation)
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog det i Windows Live Writer] -> [2009-07-26 20:17:14 | 00,186,192 | ---- | M] (Microsoft Corporation)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send til OneNote] -> [2008-10-25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
    {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end til OneNote] -> [2008-10-25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
    {58ECB495-38F0-49cb-A538-10282ABF65E7}:{E763472E-A716-4CD9-89BD-DBDA6122F741} [HKLM] -> C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll [Button: HP Klipsamling] -> [2007-03-02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
    {700259D7-1666-479a-93B1-3250410481E8}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKLM] -> C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll [Button: HP Smart markering] -> [2007-03-02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)
    {88CFA58B-A63F-4A94-9C54-0C7A58E3333E}:{17A84966-F1E9-4645-AA9E-5E771EE1C859} [HKLM] -> C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll [Button: Add to VideoGet] -> [2008-04-07 16:06:14 | 00,449,536 | ---- | M] (Nuclear Coffee Software)
    {88CFA58B-A63F-4A94-9C54-0C7A58E3333E}:{17A84966-F1E9-4645-AA9E-5E771EE1C859} [HKLM] -> C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll [Menu: Add to &VideoGet] -> [2008-04-07 16:06:14 | 00,449,536 | ---- | M] (Nuclear Coffee Software)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009-03-06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    Extension\.spop -> C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll [Reg Error: Value error.] -> [2001-08-01 18:05:42 | 00,270,336 | ---- | M] (Intertrust Technologies, Inc.)
    < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
    danskebank.dk .
    -> Trusted sites ->
    hansenberg.dk .
    -> Local intranet ->
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] ->
    {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
    {20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab [Checkers Class] ->
    {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
    {5C051655-FCD5-4969-9182-770EA5AA5565} [HKLM] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab [Solitaire Showdown Class] ->
    {5D6F45B3-9043-443D-A792-115447494D24} [HKLM] -> http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab [UnoCtrl Class] ->
    {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} [HKLM] -> http://www.systemrequirementslab.com/sysreqlab2.cab [System Requirements Lab Class] ->
    {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} [HKLM] -> http://www.acclaim.com/cabs/acclaim_v4.cab [GameLauncher Control] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
    {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} [HKLM] -> http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab [BatchDownloader Class] ->
    {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
    {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] ->
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
    {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab [Shockwave Flash Object] ->
    {D8575CE3-3432-4540-88A9-85A1325D3375} [HKLM] -> https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab [e-Safekey] ->
    {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 212.242.40.3 212.242.40.51 ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {0FAC619E-E2A4-4944-B5BF-6D1F73A1D9A8}\\DhcpNameServer -> 10.0.16.101 10.0.16.102  (Intel(R) Wireless WiFi Link 4965AGN) ->
    {632462B3-CCF2-4E4D-AF46-0E04569E75F7}\\DhcpNameServer -> 212.242.40.3 212.242.40.51  (Broadcom NetLink (TM) Gigabit Ethernet) ->
    < 64bit-AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
    64bit-*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
    avgrssta.dll -> C:\Windows\SysNative\avgrssta.dll -> [2009-08-28 09:37:10 | 00,012,464 | ---- | M] ()
    *MultiFile Done* -> ->
    < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\Windows\explorer.exe -> [2009-02-13 16:02:18 | 03,080,704 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009-02-13 16:02:18 | 02,927,104 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < 64bit-SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\S
    thanh Beginner
    07 October 2009 - 17:54 #7
    hmmm... just trying again
    thanh Beginner
    07 October 2009 - 17:58 #8
    here is the rest:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}" [HKLM] -> C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [FencesShellExt] -> [2009-08-31 22:11:32 | 00,138,600 | ---- | M] (Stardock)
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009-02-12 15:19:32 | 02,217,848 | ---- | M] (Microsoft Corporation)
    < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
    {5889D3BE-1F98-4120-AFA6-F61180F6A61F} -> lport=5353 | profile=private | protocol=6 | dir=in | action=allow | name=adobe csi cs4 |
    {6706FD95-B421-40AE-81DF-4CBF9345E950} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    {6894FB32-9143-4C1C-B281-E102A6325168} -> lport=5353 | profile=public | protocol=6 | dir=in | action=allow | name=adobe csi cs4 |
    {81E1ABA7-9BC7-4D1B-8202-C3B315987680} -> lport=3704 | profile=public | protocol=6 | dir=in | action=allow | name=adobe version cue cs4 server |
    {84A8C1B1-9AD0-4AF4-8B5B-622D85D34668} -> lport=51000 | profile=public | protocol=6 | dir=in | action=allow | name=adobe version cue cs4 server |
    {90E1253B-7411-4496-AC4B-FFBF6369F49C} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
    {A9E07553-6DBE-4AB1-B786-1F213F46A2F7} -> lport=51001 | profile=public | protocol=6 | dir=in | action=allow | name=adobe version cue cs4 server |
    {B349C690-4A3F-4C93-8046-11DA0F96F53F} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
    {C9E355BA-7858-4D73-A531-964D96E81FB7} -> lport=3703 | profile=public | protocol=6 | dir=in | action=allow | name=adobe version cue cs4 server |
    {E02ADB21-704D-4592-80DB-2F42671E1391} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
    {F9F13DEF-14F1-447E-848B-26C4303B0C42} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
    < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
    {05952462-4136-46D0-B1A5-4E91558333FF} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    {05C5308E-B627-472B-8CEE-4F46BF166A19} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe |
    {0AF9B289-203B-4C19-B788-908887150827} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    {0B9355D1-4239-447F-BA69-FB9BF1C9A8C3} -> profile=public | protocol=6 | dir=in | action=allow | name=adobe version cue cs4 server | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
    {0CD28555-95B2-4AF4-A74E-E51F9BEEEF2A} -> profile=private | protocol=17 | dir=in | action=allow | name=autodesk 3ds max 2009 64-bit | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
    {149C71B1-BC40-49CF-8932-11B6F820CBF6} -> profile=private | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
    {19ADF7C9-096A-4469-9C96-BE39C2A552A0} -> profile=public | protocol=17 | dir=in | action=allow | name=adobe csi cs4 | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    {19DE2B75-7DDE-4CEA-8963-6D0E1018B8C2} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe |
    {1ACE00C6-7DC3-4A97-B35A-AD0456165274} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    {1F769017-EBCC-47AF-AECD-B1DB3E6CD127} -> profile=private | dir=in | action=allow | name=avgupd.exe | app=c:\program files (x86)\avg\avg8\avgupd.exe |
    {246F78DC-B694-4935-BF64-E5813ABD7383} -> profile=public | protocol=6 | dir=in | action=allow | name=adobe csi cs4 | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    {25E223F4-04CD-4D27-94A0-3A55FD84C0AE} -> profile=private | protocol=6 | dir=in | action=allow | name=orb stream client | app=c:\program files (x86)\orb networks\orb\bin\orbstreamerclient.exe |
    {2E269C8C-FBEC-4084-BEDC-69DEC90B12BB} -> dir=in | action=allow | name=windows live messenger (phone) | app=c:\program files (x86)\windows live\messenger\livecall.exe |
    {32FA24E4-F312-48DD-9F6C-3485DA9A9563} -> profile=public | protocol=6 | dir=in | action=allow | name=bluesoleil | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe |
    {3E1AB408-038D-4901-A052-ADDBB2621D24} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    {3F6BC8A8-F824-4B3E-8B9B-21534CBFF308} -> profile=private | protocol=17 | dir=in | action=allow | name=orbir | app=c:\program files (x86)\orb networks\orb\bin\orbir.exe |
    {4FDA9A2E-F65C-470C-AC09-A5E57243EFB4} -> profile=private | protocol=17 | dir=in | action=allow | name=adobe csi cs4 | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    {5201074F-CF27-4A4C-8D8B-5F37AFD5D07E} -> profile=private | protocol=6 | dir=in | action=allow | name=orbir | app=c:\program files (x86)\orb networks\orb\bin\orbir.exe |
    {533AA1EA-F214-40C8-8558-5D641D432BA5} -> profile=private | protocol=17 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    {55A98391-DCEF-44E3-B425-98F2F3AC2EF5} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    {5C845E05-A2B7-488B-929D-22175FA56C36} -> profile=private | protocol=6 | dir=in | action=allow | name=autodesk 3ds max 2009 64-bit | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
    {60B50528-92AC-4EE7-97C8-17706E0A1E82} -> profile=private | protocol=6 | dir=in | action=allow | name=autodesk 3ds max 9 32-bit | app=c:\program files (x86)\autodesk\3ds max 9\3dsmax.exe |
    {6475510F-2A0C-4210-9E82-7AA53B0AD8F0} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe |
    {6618A6C2-B9F2-4790-8843-1107E474210B} -> profile=private | protocol=17 | dir=in | action=allow | name=orbchannelscan | app=c:\program files (x86)\orb networks\orb\bin\orbchannelscan.exe |
    {6D1BBFFD-143C-45A8-AC3B-52CE026A35AF} -> profile=private | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
    {7091417C-0941-4E19-BB0A-645BFF23C538} -> profile=private | protocol=6 | dir=in | action=allow | name=orbtray | app=c:\program files (x86)\orb networks\orb\bin\orbtray.exe |
    {711C2F7A-8A50-4A5C-B531-F3FAEC5A04BD} -> profile=private | protocol=17 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
    {7BB0963E-90BC-4F6A-9E01-CE4465076381} -> profile=private | protocol=17 | dir=in | action=allow | name=rlvknlg.exe | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
    {7C676087-88E7-41E8-9440-D2A8A1EE2652} -> profile=private | protocol=17 | dir=in | action=allow | name=warcraft iii - the frozen throne | app=c:\program files (x86)\warcraft iii\frozen throne.exe |
    {825163E5-D019-4DF7-82D9-CC58F854F581} -> profile=private | protocol=17 | dir=in | action=allow | name=autodesk 3ds max 9 32-bit | app=c:\program files (x86)\autodesk\3ds max 9\3dsmax.exe |
    {8EBE9370-0055-4083-BFE9-DAD11696529B} -> profile=private | protocol=6 | dir=in | action=allow | name=backburner 2.3 server | app=c:\program files (x86)\autodesk\backburner\server.exe |
    {9012BB0F-5036-423F-87D3-4CFFAF6170D0} -> profile=private | protocol=6 | dir=in | action=allow | name=backburner 2.3 monitor | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
    {9356B1F4-7DAD-4662-9FC5-9F39D4B1B6FD} -> profile=private | protocol=6 | dir=in | action=allow | name=ventrilo.exe | app=c:\program files\ventrilo\ventrilo.exe |
    {98EBC66F-B9EA-441E-B462-FCEF07B7B606} -> profile=private | protocol=6 | dir=in | action=allow | name=backburner 2.3 manager | app=c:\program files (x86)\autodesk\backburner\manager.exe |
    {9BC1E33A-4532-4303-BE39-A6E30EEDA0DD} -> profile=private | protocol=17 | dir=in | action=allow | name=backburner 2.3 monitor | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
    {A125D5BB-A6C0-4A10-A954-F4A6A7BB6365} -> profile=private | protocol=17 | dir=in | action=allow | name=ra3 | app=c:\program files (x86)\electronic arts\red alert 3\ra3.exe |
    {ACEC0389-06CE-49FB-A0AB-A83360B17B1C} -> profile=private | protocol=17 | dir=in | action=allow | name=backburner 2.3 manager | app=c:\program files (x86)\autodesk\backburner\manager.exe |
    {ADCA01C5-5413-44B5-8482-9D50D41156A2} -> profile=private | protocol=17 | dir=in | action=allow | name=bluesoleil | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe |
    {B8380088-49F3-4410-A1CE-6D64CE6E9E52} -> profile=private | protocol=17 | dir=in | action=allow | name=orb stream client | app=c:\program files (x86)\orb networks\orb\bin\orbstreamerclient.exe |
    {BD88EAA4-0238-4EE9-8725-B230AD6DFB4B} -> profile=private | protocol=17 | dir=in | action=allow | name=orbtray | app=c:\program files (x86)\orb networks\orb\bin\orbtray.exe |
    {C07D2A95-CCFD-4BC5-999D-73DBEC999F76} -> profile=public | protocol=17 | dir=in | action=allow | name=bluesoleil | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe |
    {C3124F3C-A039-44F9-9CC8-49912229081A} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    {C5A02FB3-DCF2-40DE-B108-23218517D4E2} -> profile=private | protocol=6 | dir=in | action=allow | name=orbchannelscan | app=c:\program files (x86)\orb networks\orb\bin\orbchannelscan.exe |
    {D03C3B19-46F2-4F5A-A820-8ACC5FC43145} -> profile=private | protocol=6 | dir=in | action=allow | name=adobe csi cs4 | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    {D20B3200-E231-484D-A4EC-A4F16E2817A3} -> profile=private | protocol=6 | dir=in | action=allow | name=ra3 | app=c:\program files (x86)\electronic arts\red alert 3\ra3.exe |
    {D290B32F-B020-4E29-A29B-642CF7441861} -> profile=public | protocol=17 | dir=in | action=allow | name=adobe version cue cs4 server | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
    {D46A3630-B67F-4530-A4B4-25504B5F78F9} -> profile=private | protocol=17 | dir=in | action=allow | name=backburner 2.3 server | app=c:\program files (x86)\autodesk\backburner\server.exe |
    {D87DC061-5CF0-4A39-B54C-279455F54B40} -> profile=private | protocol=6 | dir=in | action=allow | name=warcraft iii - the frozen throne | app=c:\program files (x86)\warcraft iii\frozen throne.exe |
    {D9E6177D-8690-4841-BD3E-734B75A5D78C} -> profile=public | protocol=6 | dir=in | action=allow | name=the battle for middle-earth(tm) ii | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
    {DD208242-99BA-40D3-9C0D-F7AEF14E96CD} -> profile=private | protocol=17 | dir=in | action=allow | name=orb | app=c:\program files (x86)\orb networks\orb\bin\orb.exe |
    {E0DAF89A-C1E6-49DE-95C6-CD46D6B0B594} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe |
    {E49AAE40-BEDA-4658-BE54-194F46F3CC00} -> profile=private | protocol=6 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    {E93252B1-D333-41D4-8B46-D83E2CB5F095} -> profile=public | protocol=17 | dir=in | action=allow | name=the battle for middle-earth(tm) ii | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
    {EA8D8708-A8A6-4399-A68B-54BA5E846E6D} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    {EF5070C4-C717-4F3B-8FCB-0D865A39ED35} -> profile=private | protocol=6 | dir=in | action=allow | name=bluesoleil | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe |
    {F25F8961-B173-4F4E-881D-A854885306A9} -> profile=private | protocol=6 | dir=in | action=allow | name=orb | app=c:\program files (x86)\orb networks\orb\bin\orb.exe |
    {FCE676FC-F669-48E3-A9BE-EB5A0F92FD58} -> profile=private | protocol=6 | dir=in | action=allow | name=rlvknlg.exe | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
    TCP Query User{016B9F3C-9221-4D9A-9221-1C2C0AAD143C}C:\program files (x86)\veoh networks\veoh\veohclient.exe -> profile=private | protocol=6 | dir=in | action=allow | name=veoh client | app=c:\program files (x86)\veoh networks\veoh\veohclient.exe |
    TCP Query User{06B69281-0BFF-4784-9E6F-A582A265C6A0}C:\users\trung dinh\diablo ii\d2loader-1.12.exe -> profile=private | protocol=6 | dir=in | action=allow | name=d2loader-1.12.exe | app=c:\users\trung dinh\diablo ii\d2loader-1.12.exe |
    TCP Query User{09545362-BC00-41BA-9780-2D0AAF8AD5BE}C:\program files (x86)\ea games\battlefield 2\bf2.exe -> profile=public | protocol=6 | dir=in | action=block | name=bf2 | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
    TCP Query User{0C40B5D6-1944-4256-A82C-E8320F90DF99}C:\program files (x86)\electronic arts\red alert 3\data\worldbuilder.exe -> profile=private | protocol=6 | dir=in | action=allow | name=command & conquer: red alert™ 3 world builder | app=c:\program files (x86)\electronic arts\red alert 3\data\worldbuilder.exe |
    TCP Query User{113F22AC-6363-459C-A878-182E854D1193}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.4.game -> profile=private | protocol=6 | dir=in | action=allow | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.4.game |
    TCP Query User{13BF72A5-2792-44D5-9206-CBC9305D7F84}C:\program files (x86)\limewire\limewire.exe -> profile=public | protocol=6 | dir=in | action=block | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
    TCP Query User{197BB8AE-7177-45BF-92F2-279E156360D0}C:\program files (x86)\poivy.com\poivy\poivy.exe -> profile=private | protocol=6 | dir=in | action=allow | name=client to make voip calls. | app=c:\program files (x86)\poivy.com\poivy\poivy.exe |
    TCP Query User{1BEFF857-18AC-41EC-B09C-73E53256095A}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe -> profile=private | protocol=6 | dir=in | action=allow | name=nokia service layer host process  | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
    TCP Query User{1DF47A49-5B90-4FD1-B350-ACBFAEABF797}C:\users\trung dinh\desktop\720_starcraft2gameplayvideo_englishus.avi-downloader.exe -> profile=private | protocol=6 | dir=in | action=allow | name=720_starcraft2gameplayvideo_englishus.avi-downloader.exe | app=c:\users\trung dinh\desktop\720_starcraft2gameplayvideo_englishus.avi-downloader.exe |
    TCP Query User{2961E447-F294-47B4-8488-61371F6BF10B}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe -> profile=public | protocol=6 | dir=in | action=allow | name=nokia software updater | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
    TCP Query User{2A211B6C-C880-4906-8686-89EF94AD8408}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game -> profile=private | protocol=6 | dir=in | action=allow | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game |
    TCP Query User{30F2E63F-6BDC-44F6-9307-E934F6320444}C:\users\trung dinh\desktop\c\wwp.exe -> profile=private | protocol=6 | dir=in | action=allow | name=wwp.exe | app=c:\users\trung dinh\desktop\c\wwp.exe |
    TCP Query User{3276525C-0F09-4924-8544-443005C006E2}C:\users\trung dinh\steam\steamapps\loan_326\counter-strike\hl.exe -> profile=public | protocol=6 | dir=in | action=block | name=half-life launcher | app=c:\users\trung dinh\steam\steamapps\loan_326\counter-strike\hl.exe |
    TCP Query User{3460B2CE-4DEE-4552-8881-5B7C7D6B4FB5}C:\users\trung dinh\desktop\the battle for middle-earth (tm) ii\game.dat -> profile=public | protocol=6 | dir=in | action=allow | name=game.dat | app=c:\users\trung dinh\desktop\the battle for middle-earth (tm) ii\game.dat |
    TCP Query User{3B6E90CD-E89B-4EAE-89EF-7EAB47CD48A3}C:\program files (x86)\adobe\adobe flash cs4\flash.exe -> profile=public | protocol=6 | dir=in | action=block | name=adobe flash cs4 | app=c:\program files (x86)\adobe\adobe flash cs4\flash.exe |
    TCP Query User{3E43794D-C190-4C77-BEA4-49C836D04218}C:\program files (x86)\savage 2 - a tortured soul\savage2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=savage2 | app=c:\program files (x86)\savage 2 - a tortured soul\savage2.exe |
    TCP Query User{44E1DCC9-54F7-43F6-9599-90EA14E5221F}C:\program files (x86)\orb networks\orb\bin\orbtray.exe -> profile=public | protocol=6 | dir=in | action=allow | name=orb | app=c:\program files (x86)\orb networks\orb\bin\orbtray.exe |
    TCP Query User{48717D2D-60F5-4E60-9290-2BD4A44E9303}C:\program files (x86)\electronic arts\eadm\core.exe -> profile=private | protocol=6 | dir=in | action=allow | name=ea download manager | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    TCP Query User{58822678-D35C-4B82-AF57-31DEDCC609FB}C:\program files (x86)\hamachi\hamachi.exe -> profile=public | protocol=6 | dir=in | action=allow | name=hamachi client | app=c:\program files (x86)\hamachi\hamachi.exe |
    TCP Query User{58E7DF8A-D199-46BF-A5CF-FE6B1999C0DE}C:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe -> profile=private | protocol=6 | dir=in | action=allow | name=adobe after effects cs3 | app=c:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe |
    TCP Query User{5FD27146-5707-47EC-B5AF-BEFEECF58ED8}C:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe -> profile=private | protocol=6 | dir=in | action=allow | name=lotroclient | app=c:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe |
    TCP Query User{62B04EE4-4046-44DC-8C85-B64DCC0F1954}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.5.game -> profile=public | protocol=6 | dir=in | action=allow | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.5.game |
    TCP Query User{6CB92955-58C9-411B-8DB5-1A04329A1E92}C:\program files (x86)\mirc\mirc.exe -> profile=private | protocol=6 | dir=in | action=allow | name=mirc | app=c:\program files (x86)\mirc\mirc.exe |
    TCP Query User{739EDF51-5500-4879-9338-99C3748F4D12}C:\program files (x86)\warcraft iii\pickup.listchecker.exe -> profile=private | protocol=6 | dir=in | action=allow | name=pickup.listchecker | app=c:\program files (x86)\warcraft iii\pickup.listchecker.exe |
    TCP Query User{746AF502-B566-4844-A4C2-653FC494FC21}C:\program files (x86)\orb networks\orb\bin\orb.exe -> profile=public | protocol=6 | dir=in | action=allow | name=orb application | app=c:\program files (x86)\orb networks\orb\bin\orb.exe |
    TCP Query User{80533794-EC75-449F-A5C2-4926711AE62E}C:\program files (x86)\azureus\azureus.exe -> profile=public | protocol=6 | dir=in | action=allow | name=azureus | app=c:\program files (x86)\azureus\azureus.exe |
    TCP Query User{8261D143-2CAF-4A39-AF3A-C0F13BDE6BF0}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe -> profile=public | protocol=6 | dir=in | action=allow | name=nokia service layer host process  | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
    TCP Query User{878A2687-99A1-4E08-9257-B0ED0EB9699C}C:\program files (x86)\veoh networks\veoh\veohclient.exe -> profile=public | protocol=6 | dir=in | action=allow | name=veoh client | app=c:\program files (x86)\veoh networks\veoh\veohclient.exe |
    TCP Query User{878DF90C-79B4-4B1D-BB1E-745EC93B2B09}C:\users\trung dinh\steam\steamapps\loan_326\counter-strike\hl.exe -> profile=private | protocol=6 | dir=in | action=allow | name=half-life launcher | app=c:\users\trung dinh\steam\steamapps\loan_326\counter-strike\hl.exe |
    TCP Query User{89084059-AFEB-4391-B3C2-99F950678EF2}C:\program files (x86)\hamachi\hamachi.exe -> profile=private | protocol=6 | dir=in | action=allow | name=hamachi client | app=c:\program files (x86)\hamachi\hamachi.exe |
    TCP Query User{9380178A-E8EF-4D11-B1E1-1E2DAA0E8CEE}C:\program files (x86)\limewire\limewire.exe -> profile=private | protocol=6 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
    TCP Query User{94DF09CE-DF00-4887-B2CF-40A371F32C6D}C:\program files (x86)\azureus\azureus.exe -> profile=private | protocol=6 | dir=in | action=allow | name=azureus | app=c:\program files (x86)\azureus\azureus.exe |
    TCP Query User{950DF020-017D-4661-A34B-F0EA782BFD35}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.5.game -> profile=private | protocol=6 | dir=in | action=allow | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.5.game |
    TCP Query User{9C98487E-E08E-48E3-AC50-33821F800B88}C:\users\trung dinh\diablo ii\d2loader-1.12.exe -> profile=public | protocol=6 | dir=in | action=allow | name=d2loader-1.12.exe | app=c:\users\trung dinh\diablo ii\d2loader-1.12.exe |
    TCP Query User{A039A6AA-0752-46A4-8158-BAB496C0FAA5}C:\users\trung dinh\steam\steamapps\dhv\counter-strike\hl.exe -> profile=private | protocol=6 | dir=in | action=allow | name=half-life launcher | app=c:\users\trung dinh\steam\steamapps\dhv\counter-strike\hl.exe |
    TCP Query User{A3904B2D-7B6D-4714-B2C0-B0D0B3A2CB52}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
    TCP Query User{A469665C-974E-4747-9E8B-920C7D6119FA}C:\users\trung dinh\steam\steamapps\danvuhustle\counter-strike source\hl2.exe -> profile=private | protocol=6 | dir=in | action=allow | name=hl2 | app=c:\users\trung dinh\steam\steamapps\danvuhustle\counter-strike source\hl2.exe |
    TCP Query User{AC621CD6-00DB-4086-AE52-C50E55C6DD32}C:\program files (x86)\warcraft iii\war3.exe -> profile=private | protocol=6 | dir=in | action=allow | name=warcraft iii | app=c:\program files (x86)\warcraft iii\war3.exe |
    TCP Query User{B29036AD-D24D-47D3-B4E0-845F4C5D16DE}C:\program files (x86)\electronic arts\eadm\core.exe -> profile=public | protocol=6 | dir=in | action=block | name=ea download manager | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    TCP Query User{B4A2DC86-F75B-4DFC-8B91-8BC276F6A97E}C:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat -> profile=private | protocol=6 | dir=in | action=allow | name=the battle for middle-earth™ ii | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
    TCP Query User{B5813F9B-1EE9-4065-AAA8-74D5A17F7941}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe -> profile=public | protocol=6 | dir=in | action=allow | name=logitech desktop messenger | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    TCP Query User{B86A76E0-91D8-485C-A5CB-04094B70DBF2}C:\program files (x86)\itunes\itunes.exe -> profile=public | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
    TCP Query User{BDE3635C-7FFF-4F45-880D-D7E940FCED09}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.6.game -> profile=private | protocol=6 | dir=in | action=allow | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.6.game |
    TCP Query User{C0D84168-EFF4-45E1-9F9A-9594B0FBA689}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe -> profile=public | protocol=6 | dir=in | action=block | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    TCP Query User{C8516B90-2B6E-4BAE-85E0-BF830F63AECE}C:\program files (x86)\mirc\mirc.exe -> profile=public | protocol=6 | dir=in | action=allow | name=mirc | app=c:\program files (x86)\mirc\mirc.exe |
    TCP Query User{C901486B-8704-4341-84CC-A6C134DF751A}C:\program files (x86)\orbitdownloader\orbitnet.exe -> profile=private | protocol=6 | dir=in | action=allow | name=p2p service of orbit downloader | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
    TCP Query User{CEF949CC-B9DF-420A-95B5-868DF4215750}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.4.game -> profile=public | protocol=6 | dir=in | action=block | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.4.game |
    TCP Query User{D1324550-A5ED-42D2-9565-E6BF981F8A8D}C:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe -> profile=public | protocol=6 | dir=in | action=allow | name=lotroclient | app=c:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe |
    TCP Query User{D43559CE-E110-4845-BC49-91DDB4BB1015}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe -> profile=private | protocol=6 | dir=in | action=allow | name=nokia software updater | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
    TCP Query User{D5BC66B8-4289-4578-A263-EFB30F134D1F}C:\program files (x86)\mozilla firefox\firefox.exe -> profile=private | protocol=6 | dir=in | action=allow | name=firefox | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    TCP Query User{D8AD1F9C-018E-49FB-8175-A70CE0EDFE44}C:\program files (x86)\warcraft iii\war3.exe -> profile=public | protocol=6 | dir=in | action=allow | name=warcraft iii | app=c:\program files (x86)\warcraft iii\war3.exe |
    TCP Query User{E42CF5A9-E0A1-46C9-A2AD-584C8F44BD86}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.6.game -> profile=public | protocol=6 | dir=in | action=allow | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.6.game |
    TCP Query User{E449B699-B4FC-4A89-B9ED-540DFD855F02}C:\program files (x86)\savage 2 - a tortured soul\savage2.exe -> profile=public | protocol=6 | dir=in | action=allow | name=savage2 | app=c:\program files (x86)\savage 2 - a tortured soul\savage2.exe |
    TCP Query User{EB5358A8-0B66-44E9-9311-D7B412B5247C}C:\program files (x86)\warcraft iii\pickup.listchecker.exe -> profile=public | protocol=6 | dir=in | action=allow | name=pickup.listchecker | app=c:\program files (x86)\warcraft iii\pickup.listchecker.exe |
    TCP Query User{AA9CCFEB-3DA1-4B66-AD3C-1409D031D8DA}C:\users\trung dinh\desktop\pickup.listchecker.exe -> profile=private | protocol=6 | dir=in | action=allow | name=pickup.listchecker.exe | app=c:\users\trung dinh\desktop\pickup.listchecker.exe |
    UDP Query User{03247CF0-4188-4BA6-81DC-23123864055E}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.5.game -> profile=public | protocol=17 | dir=in | action=allow | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.5.game |
    UDP Query User{05DCA419-527C-4846-9AEC-3A13003C2574}C:\program files (x86)\electronic arts\red alert 3\data\worldbuilder.exe -> profile=private | protocol=17 | dir=in | action=allow | name=command & conquer: red alert™ 3 world builder | app=c:\program files (x86)\electronic arts\red alert 3\data\worldbuilder.exe |
    UDP Query User{08094F5C-2ADA-4B32-BFBE-3F46669FF723}C:\users\trung dinh\diablo ii\d2loader-1.12.exe -> profile=private | protocol=17 | dir=in | action=allow | name=d2loader-1.12.exe | app=c:\users\trung dinh\diablo ii\d2loader-1.12.exe |
    UDP Query User{0D21E232-61E1-428D-A8BE-8F4AFC1971D3}C:\users\trung dinh\steam\steamapps\danvuhustle\counter-strike source\hl2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=hl2 | app=c:\users\trung dinh\steam\steamapps\danvuhustle\counter-strike source\hl2.exe |
    UDP Query User{0DB88C86-06C3-48E8-97A9-0C689A14A4AF}C:\program files (x86)\orbitdownloader\orbitnet.exe -> profile=private | protocol=17 | dir=in | action=allow | name=p2p service of orbit downloader | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
    UDP Query User{103E3AAE-88F3-4F91-ADDC-59F318C8F7E9}C:\program files (x86)\hamachi\hamachi.exe -> profile=private | protocol=17 | dir=in | action=allow | name=hamachi client | app=c:\program files (x86)\hamachi\hamachi.exe |
    UDP Query User{1076326A-7A0C-4EC6-814D-BA567B5926F7}C:\program files (x86)\savage 2 - a tortured soul\savage2.exe -> profile=private | protocol=17 | dir=in | action=allow | name=savage2 | app=c:\program files (x86)\savage 2 - a tortured soul\savage2.exe |
    UDP Query User{1953D81C-546D-4399-97A5-11EAB1405332}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.5.game -> profile=private | protocol=17 | dir=in | action=allow | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.5.game |
    UDP Query User{1A5BAAE1-0E33-4565-AA3F-47FCC9A0B25E}C:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe -> profile=private | protocol=17 | dir=in | action=allow | name=lotroclient | app=c:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe |
    UDP Query User{1E7CD3BE-18D9-4231-AEAC-4F3047646709}C:\program files (x86)\ea games\battlefield 2\bf2.exe -> profile=public | protocol=17 | dir=in | action=block | name=bf2 | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
    UDP Query User{21F31A6E-1CCE-4A20-A573-4C0F01296979}C:\program files (x86)\orb networks\orb\bin\orbtray.exe -> profile=public | protocol=17 | dir=in | action=allow | name=orb | app=c:\program files (x86)\orb networks\orb\bin\orbtray.exe |
    UDP Query User{2684BB52-D773-493E-8711-77F93B94E210}C:\users\trung dinh\steam\steamapps\loan_326\counter-strike\hl.exe -> profile=public | protocol=17 | dir=in | action=block | name=half-life launcher | app=c:\users\trung dinh\steam\steamapps\loan_326\counter-strike\hl.exe |
    UDP Query User{28EF6715-1C3B-4B1A-AD64-E8B36BA38DEC}C:\program files (x86)\azureus\azureus.exe -> profile=public | protocol=17 | dir=in | action=allow | name=azureus | app=c:\program files (x86)\azureus\azureus.exe |
    UDP Query User{336F36C1-BB95-46E3-A853-398F0EA6CC83}C:\users\trung dinh\desktop\c\wwp.exe -> profile=private | protocol=17 | dir=in | action=allow | name=wwp.exe | app=c:\users\trung dinh\desktop\c\wwp.exe |
    UDP Query User{38DC8E4F-0158-4E83-AD18-E00C6B5DAEF4}C:\users\trung dinh\desktop\the battle for middle-earth (tm) ii\game.dat -> profile=public | protocol=17 | dir=in | action=allow | name=game.dat | app=c:\users\trung dinh\desktop\the battle for middle-earth (tm) ii\game.dat |
    UDP Query User{3ADAF294-3C45-44BC-AA56-7D5213CA876B}C:\program files (x86)\mirc\mirc.exe -> profile=private | protocol=17 | dir=in | action=allow | name=mirc | app=c:\program files (x86)\mirc\mirc.exe |
    UDP Query User{3FD30523-1513-425F-B13E-E2B327D921AE}C:\program files (x86)\azureus\azureus.exe -> profile=private | protocol=17 | dir=in | action=allow | name=azureus | app=c:\program files (x86)\azureus\azureus.exe |
    UDP Query User{40641CEF-7C9F-46E1-AE95-2FD8B0DC66C4}C:\program files (x86)\mirc\mirc.exe -> profile=public | protocol=17 | dir=in | action=allow | name=mirc | app=c:\program files (x86)\mirc\mirc.exe |
    UDP Query User{42A249F4-4983-483F-9E51-08960B05FF7E}C:\program files (x86)\poivy.com\poivy\poivy.exe -> profile=private | protocol=17 | dir=in | action=allow | name=client to make voip calls. | app=c:\program files (x86)\poivy.com\poivy\poivy.exe |
    UDP Query User{46127E32-54BD-4A12-A60C-6E6E81D65161}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.4.game -> profile=public | protocol=17 | dir=in | action=block | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.4.game |
    UDP Query User{508CF074-7509-4B36-93FE-0B54145B81D8}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe -> profile=private | protocol=17 | dir=in | action=allow | name=nokia service layer host process  | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
    UDP Query User{513051BF-E62E-40EF-A8DF-5F8D75DAFB0D}C:\program files (x86)\warcraft iii\war3.exe -> profile=private | protocol=17 | dir=in | action=allow | name=warcraft iii | app=c:\program files (x86)\warcraft iii\war3.exe |
    UDP Query User{52DCE4BD-ED6B-439D-A075-A50D20640874}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=block | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe |
    UDP Query User{55DCE3BC-970D-4528-9D21-EFC94B4D2C4A}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe -> profile=public | protocol=17 | dir=in | action=block | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    UDP Query User{577BA1F5-720E-46C6-8F7E-158EA2AC7B9B}C:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe -> profile=public | protocol=17 | dir=in | action=allow | name=lotroclient | app=c:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe |
    UDP Query User{5C2CC5C3-09DF-4A49-8A95-8B0B10FEEF94}C:\program files (x86)\limewire\limewire.exe -> profile=public | protocol=17 | dir=in | action=block | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
    UDP Query User{5AAE7050-D790-4C51-B6AA-FF608EE3F50B}C:\program files (x86)\mozilla firefox\firefox.exe -> profile=private | protocol=17 | dir=in | action=allow | name=firefox | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    UDP Query User{783DBDB1-919D-47F2-A395-D400C76EC4EA}C:\program files (x86)\orb networks\orb\bin\orb.exe -> profile=public | protocol=17 | dir=in | action=allow | name=orb application | app=c:\program files (x86)\orb networks\orb\bin\orb.exe |
    UDP Query User{7987BA83-E2B2-4B8E-9F83-1684CFBAE8E6}C:\program files (x86)\veoh networks\veoh\veohclient.exe -> profile=public | protocol=17 | dir=in | action=allow | name=veoh client | app=c:\program files (x86)\veoh networks\veoh\veohclient.exe |
    UDP Query User{7E9843C6-B29C-4BA2-8733-C9E5DDF8E2FE}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.6.game -> profile=private | protocol=17 | dir=in | action=allow | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.6.game |
    UDP Query User{8185143B-930B-4F12-8910-386A19067BED}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.6.game -> profile=public | protocol=17 | dir=in | action=allow | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.6.game |
    UDP Query User{84E22B2D-745D-46AB-B708-794ED779C8A8}C:\users\trung dinh\desktop\pickup.listchecker.exe -> profile=private | protocol=17 | dir=in | action=allow | name=pickup.listchecker.exe | app=c:\users\trung dinh\desktop\pickup.listchecker.exe |
    UDP Query User{85E800AB-6D1F-4CB8-8338-D4408B4D8BA2}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe -> profile=public | protocol=17 | dir=in | action=allow | name=logitech desktop messenger | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    UDP Query User{8715B29C-BAEC-4A7C-8BB2-0AAC887C61D3}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe -> profile=public | protocol=17 | dir=in | action=allow | name=nokia software updater | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
    UDP Query User{8CB46F93-296B-4A3D-8B90-2242EE0AD4CC}C:\users\trung dinh\desktop\720_starcraft2gameplayvideo_englishus.avi-downloader.exe -> profile=private | protocol=17 | dir=in | action=allow | name=720_starcraft2gameplayvideo_englishus.avi-downloader.exe | app=c:\users\trung dinh\desktop\720_starcraft2gameplayvideo_englishus.avi-downloader.exe |
    UDP Query User{92DED156-362D-43FA-AA54-B3574F672882}C:\program files (x86)\warcraft iii\pickup.listchecker.exe -> profile=public | protocol=17 | dir=in | action=allow | name=pickup.listchecker | app=c:\program files (x86)\warcraft iii\pickup.listchecker.exe |
    UDP Query User{B6B9E442-94BE-4DF3-8251-22EC3E0EB719}C:\users\trung dinh\diablo ii\d2loader-1.12.exe -> profile=public | protocol=17 | dir=in | action=allow | name=d2loader-1.12.exe | app=c:\users\trung dinh\diablo ii\d2loader-1.12.exe |
    UDP Query User{BF09E68E-24B8-42BA-BA11-80DED898BE2D}C:\program files (x86)\adobe\adobe flash cs4\flash.exe -> profile=public | protocol=17 | dir=in | action=block | name=adobe flash cs4 | app=c:\program files (x86)\adobe\adobe flash cs4\flash.exe |
    UDP Query User{C7674761-8EAF-4CE3-8B8D-4BAF1F3787DD}C:\program files (x86)\warcraft iii\war3.exe -> profile=public | protocol=17 | dir=in | action=allow | name=warcraft iii | app=c:\program files (x86)\warcraft iii\war3.exe |
    UDP Query User{CA120453-2BDF-4AC2-B235-6C3263B6F9B2}C:\program files (x86)\veoh networks\veoh\veohclient.exe -> profile=private | protocol=17 | dir=in | action=allow | name=veoh client | app=c:\program files (x86)\veoh networks\veoh\veohclient.exe |
    UDP Query User{CC1DCAE9-B3B4-4BB6-9B18-F5355FC18343}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game -> profile=private | protocol=17 | dir=in | action=allow | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.10.game |
    UDP Query User{D0E0156E-FDF4-430F-AC66-7C5C847C4034}C:\program files (x86)\warcraft iii\pickup.listchecker.exe -> profile=private | protocol=17 | dir=in | action=allow | name=pickup.listchecker | app=c:\program files (x86)\warcraft iii\pickup.listchecker.exe |
    UDP Query User{D1CA30AC-61A8-4275-AA42-C83D85EAEEA4}C:\program files (x86)\hamachi\hamachi.exe -> profile=public | protocol=17 | dir=in | action=allow | name=hamachi client | app=c:\program files (x86)\hamachi\hamachi.exe |
    UDP Query User{D4BF0550-98B0-4B6C-B062-2C8AD6AB8455}C:\program files (x86)\itunes\itunes.exe -> profile=public | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
    UDP Query User{D859E0A8-4C33-47B5-8065-A478CCE9FD12}C:\users\trung dinh\steam\steamapps\loan_326\counter-strike\hl.exe -> profile=private | protocol=17 | dir=in | action=allow | name=half-life launcher | app=c:\users\trung dinh\steam\steamapps\loan_326\counter-strike\hl.exe |
    UDP Query User{DFE25A54-918D-47CF-9169-140E02B8B491}C:\program files (x86)\savage 2 - a tortured soul\savage2.exe -> profile=public | protocol=17 | dir=in | action=allow | name=savage2 | app=c:\program files (x86)\savage 2 - a tortured soul\savage2.exe |
    UDP Query User{DFEEC77A-0918-45C7-B4ED-D30DE47B3BD2}C:\program files (x86)\limewire\limewire.exe -> profile=private | protocol=17 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
    UDP Query User{E59CCF61-1047-4941-A3DD-283B3C467439}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe -> profile=public | protocol=17 | dir=in | action=allow | name=nokia service layer host process  | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
    UDP Query User{EA057885-0766-4418-8882-EB2F6629960B}C:\program files (x86)\electronic arts\red alert 3\data\ra3_1.4.game -> profile=private | protocol=17 | dir=in | action=allow | name=command & conquer™ red alert™ 3 | app=c:\program files (x86)\electronic arts\red alert 3\data\ra3_1.4.game |
    UDP Query User{EE7EE2C5-DD1D-4F7A-AE34-8887DBE93A62}C:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat -> profile=private | protocol=17 | dir=in | action=allow | name=the battle for middle-earth™ ii | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
    UDP Query User{F446F7A7-FE99-4025-8EF5-9DB6D818EACE}C:\program files (x86)\electronic arts\eadm\core.exe -> profile=private | protocol=17 | dir=in | action=allow | name=ea download manager | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    UDP Query User{F561E376-435C-488D-93A9-DA1FCA575794}C:\program files (x86)\electronic arts\eadm\core.exe -> profile=public | protocol=17 | dir=in | action=block | name=ea download manager | app=c:\program files (x86)\electronic arts\eadm\core.exe |
    UDP Query User{FB593512-CEB1-40A9-BB6F-08369252776D}C:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe -> profile=private | protocol=17 | dir=in | action=allow | name=adobe after effects cs3 | app=c:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe |
    UDP Query User{FC258F2D-6384-49A4-942C-ABA66C2B6804}C:\users\trung dinh\steam\steamapps\dhv\counter-strike\hl.exe -> profile=private | protocol=17 | dir=in | action=allow | name=half-life launcher | app=c:\users\trung dinh\steam\steamapps\dhv\counter-strike\hl.exe |
    UDP Query User{FE006598-FCB1-4BEA-8F22-2571C88A3017}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe -> profile=private | protocol=17 | dir=in | action=allow | name=nokia software updater | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe |
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    "AlternateShell" -> cmd.exe ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008-01-19 08:29:04 | 00,079,872 | ---- | M] ()
    < Drives with AutoRun files > ->  ->
    C:\Autodesk [] -> C:\Autodesk [ NTFS ] -> [2009-01-28 13:49:42 | 00,000,000 | ---D | M]
    D:\autorun.inf [[autorun] | open=Start.exe | icon=logo.ico | ] -> D:\autorun.inf [ CDFS ] -> [2007-03-09 09:30:30 | 00,000,042 | R--- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
    \H
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\shell\AutoRun\command
    \H\shell\AutoRun\command\\"" ->  [wdsync.exe] -> File not found
    \{83189ec5-b020-11de-aab2-00030d000001}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83189ec5-b020-11de-aab2-00030d000001}\shell\AutoRun\command
    \{83189ec5-b020-11de-aab2-00030d000001}\shell\AutoRun\command\\"" ->  [wdsync.exe] -> File not found
    \{b09b5ec2-4def-11de-ba56-00030d000001}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b09b5ec2-4def-11de-ba56-00030d000001}\shell\AutoRun\command
    \{b09b5ec2-4def-11de-ba56-00030d000001}\shell\AutoRun\command\\"" -> E:\WDSetup.exe [E:\WDSetup.exe] -> File not found
    \{be529c4e-acf1-11dd-9d84-00030d000001}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be529c4e-acf1-11dd-9d84-00030d000001}\shell\AutoRun\command
    \{be529c4e-acf1-11dd-9d84-00030d000001}\shell\AutoRun\command\\"" ->  [wdsync.exe] -> File not found
    \{c094c538-f472-11dc-b44f-00a0d1c2c76a}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c094c538-f472-11dc-b44f-00a0d1c2c76a}\shell
    \{c094c538-f472-11dc-b44f-00a0d1c2c76a}\shell\\"" ->  [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c094c538-f472-11dc-b44f-00a0d1c2c76a}\shell\AutoRun\command
    \{c094c538-f472-11dc-b44f-00a0d1c2c76a}\shell\AutoRun\command\\"" -> F:\Autorun.exe [F:\Autorun.exe] -> File not found
    \{cbb40347-b31c-11dd-b209-806e6f6e6963}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbb40347-b31c-11dd-b209-806e6f6e6963}\shell
    \{cbb40347-b31c-11dd-b209-806e6f6e6963}\shell\\"" ->  [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbb40347-b31c-11dd-b209-806e6f6e6963}\shell\AutoRun\command
    \{cbb40347-b31c-11dd-b209-806e6f6e6963}\shell\AutoRun\command\\"" -> D:\Start.exe [D:\Start.exe] -> [2006-09-07 05:02:12 | 00,090,112 | R--- | M] (alfa1lab)
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
    64bit-comfile [open] -> "%1" %* -> File not found
    64bit-exefile [open] -> "%1" %* -> File not found
    comfile [open] -> "%1" %* -> File not found
    exefile [open] -> "%1" %* -> File not found


    [Files/Folders - Created Within 14 Days]
    ProgramData -> C:\ProgramData -> [2009-10-07 13:13:04 | 00,000,000 | ---D | M]
    Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009-10-07 13:13:04 | 00,000,000 | ---D | M]
    McAfee -> C:\ProgramData\McAfee -> [2009-09-27 12:32:25 | 00,000,000 | ---D | M]
    McAfee Security Scan -> C:\ProgramData\McAfee Security Scan -> [2009-09-25 12:32:24 | 00,000,000 | ---D | M]
    Roaming -> C:\Users\Trung Dinh\AppData\Roaming -> [2009-10-07 13:13:10 | 00,000,000 | ---D | M]
    Adobe -> C:\Users\Trung Dinh\AppData\Roaming\Adobe -> [2009-10-06 14:51:45 | 00,000,000 | ---D | M]
    dvdcss -> C:\Users\Trung Dinh\AppData\Roaming\dvdcss -> [2009-09-26 15:18:29 | 00,000,000 | ---D | M]
    FileZilla -> C:\Users\Trung Dinh\AppData\Roaming\FileZilla -> [2009-10-02 11:08:33 | 00,000,000 | ---D | M]
    Malwarebytes -> C:\Users\Trung Dinh\AppData\Roaming\Malwarebytes -> [2009-10-07 13:13:10 | 00,000,000 | ---D | M]
    PoivY -> C:\Users\Trung Dinh\AppData\Roaming\PoivY -> [2009-09-26 10:52:17 | 00,000,000 | ---D | M]
    vlc -> C:\Users\Trung Dinh\AppData\Roaming\vlc -> [2009-10-06 22:54:34 | 00,000,000 | ---D | M]
    Local -> C:\Users\Trung Dinh\AppData\Local -> [2009-09-26 11:34:01 | 00,000,000 | ---D | M]
    eSupport.com -> C:\Users\Trung Dinh\AppData\Local\eSupport.com -> [2009-09-26 11:29:34 | 00,000,000 | ---D | M]
    RadarSync -> C:\Users\Trung Dinh\AppData\Local\RadarSync -> [2009-09-26 11:34:01 | 00,000,000 | ---D | M]
    Temp -> C:\Users\Trung Dinh\AppData\Local\Temp -> [2009-10-07 16:55:00 | 00,000,000 | ---D | M]
    Program Files (x86) -> C:\Program Files (x86) -> [2009-10-07 13:21:34 | 00,000,000 | ---D | M]
    Adobe -> C:\Program Files (x86)\Adobe -> [2009-09-26 18:42:08 | 00,000,000 | ---D | M]
    Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2009-10-07 13:13:09 | 00,000,000 | ---D | M]
    McAfee Security Scan -> C:\Program Files (x86)\McAfee Security Scan -> [2009-09-29 18:56:27 | 00,000,000 | ---D | M]
    Mozilla Thunderbird -> C:\Program Files (x86)\Mozilla Thunderbird -> [2009-10-07 13:19:12 | 00,000,000 | ---D | M]
    RadarSyncPcupz -> C:\Program Files (x86)\RadarSyncPcupz -> [2009-09-26 11:36:11 | 00,000,000 | ---D | M]
    Warcraft III -> C:\Program Files (x86)\Warcraft III -> [2009-10-06 17:32:32 | 00,000,000 | ---D | M]
    Windows Live -> C:\Program Files (x86)\Windows Live -> [2009-10-07 16:43:39 | 00,000,000 | ---D | M]
    Adobe -> C:\Program Files\Adobe -> [2009-09-26 18:42:26 | 00,000,000 | ---D | M]
    OTS.exe -> C:\Users\Trung Dinh\Desktop\OTS.exe -> [2009-10-07 16:50:43 | 00,519,168 | ---- | C] (OldTimer Tools)
    mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2009-10-07 13:13:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009-10-07 13:13:04 | 00,000,000 | ---D | C]
    mbam-setup.exe -> C:\Users\Trung Dinh\Desktop\mbam-setup.exe -> [2009-10-07 13:12:14 | 04,045,528 | ---- | C] (Malwarebytes Corporation                                    )
    preloader_as3 -> C:\Users\Trung Dinh\Desktop\preloader_as3 -> [2009-09-30 13:08:44 | 00,000,000 | ---D | C]
    McAfee -> C:\ProgramData\McAfee -> [2009-09-27 12:32:25 | 00,000,000 | ---D | C]
    McAfee Security Scan -> C:\ProgramData\McAfee Security Scan -> [2009-09-25 12:32:24 | 00,000,000 | ---D | C]

    [Files/Folders - Modified Within 14 Days]
    1 C:\Windows\*.tmp files -> C:\Windows\*.tmp ->
    NTUSER.DAT -> C:\Users\Trung Dinh\NTUSER.DAT -> [2009-10-07 16:55:43 | 07,864,320 | -HS- | M] ()
    User_Feed_Synchronization-{857A1C89-F844-452E-88B1-F3BD155C576E}.job -> C:\Windows\tasks\User_Feed_Synchronization-{857A1C89-F844-452E-88B1-F3BD155C576E}.job -> [2009-10-07 16:55:35 | 00,000,428 | -H-- | M] ()
    OTS.exe -> C:\Users\Trung Dinh\Desktop\OTS.exe -> [2009-10-07 16:50:55 | 00,519,168 | ---- | M] (OldTimer Tools)
    GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2009-10-07 16:00:00 | 00,000,932 | ---- | M] ()
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009-10-07 15:26:33 | 00,003,664 | -H-- | M] ()
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009-10-07 15:26:33 | 00,003,664 | -H-- | M] ()
    Google Software Updater.job -> C:\Windows\tasks\Google Software Updater.job -> [2009-10-07 14:51:10 | 00,000,880 | ---- | M] ()
    nvModes.001 -> C:\Users\Trung Dinh\AppData\Roaming\nvModes.001 -> [2009-10-07 14:40:04 | 00,194,274 | ---- | M] ()
    GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2009-10-07 13:26:42 | 00,000,928 | ---- | M] ()
    SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009-10-07 13:26:34 | 00,000,006 | -H-- | M] ()
    bootstat.dat -> C:\Windows\bootstat.dat -> [2009-10-07 13:26:31 | 00,067,584 | --S- | M] ()
    hiberfil.sys -> C:\hiberfil.sys -> [2009-10-07 13:26:28 | 42,929,27488 | -HS- | M] ()
    NTUSER.DAT{b96398ec-02d9-11de-adaa-00030d000001}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Trung Dinh\NTUSER.DAT{b96398ec-02d9-11de-adaa-00030d000001}.TMContainer00000000000000000001.regtrans-ms -> [2009-10-07 13:25:19 | 00,524,288 | -HS- | M] ()
    NTUSER.DAT{b96398ec-02d9-11de-adaa-00030d000001}.TM.blf -> C:\Users\Trung Dinh\NTUSER.DAT{b96398ec-02d9-11de-adaa-00030d000001}.TM.blf -> [2009-10-07 13:25:19 | 00,065,536 | -HS- | M] ()
    IconCache.db -> C:\Users\Trung Dinh\AppData\Local\IconCache.db -> [2009-10-07 13:25:15 | 04,482,254 | -H-- | M] ()
    mbam-setup.exe -> C:\Users\Trung Dinh\Desktop\mbam-setup.exe -> [2009-10-07 13:12:36 | 04,045,528 | ---- | M] (Malwarebytes Corporation                                    )
    nvModes.dat -> C:\Users\Trung Dinh\AppData\Roaming\nvModes.dat -> [2009-10-06 17:32:35 | 00,194,274 | ---- | M] ()
    PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2009-10-06 10:21:03 | 01,244,334 | ---- | M] ()
    perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2009-10-06 10:21:03 | 00,595,506 | ---- | M] ()
    perfh006.dat -> C:\Windows\SysNative\perfh006.dat -> [2009-10-06 10:21:03 | 00,471,662 | ---- | M] ()
    perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2009-10-06 10:21:03 | 00,104,940 | ---- | M] ()
    perfc006.dat -> C:\Windows\SysNative\perfc006.dat -> [2009-10-06 10:21:03 | 00,081,788 | ---- | M] ()
    incavi.avm -> C:\Windows\SysNative\drivers\Avg\incavi.avm -> [2009-10-06 09:07:34 | 42,323,369 | ---- | M] ()
    microavi.avg -> C:\Windows\SysNative\drivers\Avg\microavi.avg -> [2009-10-06 09:07:34 | 00,005,991 | ---- | M] ()
    Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2009-10-05 15:26:00 | 00,000,496 | ---- | M] ()
    MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009-10-04 16:02:33 | 66,420,1208 | ---- | M] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Trung Dinh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009-10-04 09:40:06 | 00,174,592 | ---- | M] ()
    SyncToy_fc4842bc-6b85-405e-a973-47f3d5a9a6a4.dat -> C:\Users\Trung Dinh\Documents\SyncToy_fc4842bc-6b85-405e-a973-47f3d5a9a6a4.dat -> [2009-10-03 23:03:21 | 81,678,336 | -H-- | M] ()
    Ideer.docx -> C:\Users\Trung Dinh\Desktop\Ideer.docx -> [2009-10-02 10:18:32 | 00,175,019 | ---- | M] ()
    mindmap.jpg -> C:\Users\Trung Dinh\Desktop\mindmap.jpg -> [2009-10-02 09:28:58 | 00,162,851 | ---- | M] ()
    histide.jpg -> C:\Users\Trung Dinh\Desktop\histide.jpg -> [2009-10-02 09:28:31 | 00,109,236 | ---- | M] ()
    MpSigStub.exe -> C:\Windows\SysNative\MpSigStub.exe -> [2009-10-01 10:29:14 | 00,238,960 | ---- | M] ()
    miniavi.avg -> C:\Windows\SysNative\drivers\Avg\miniavi.avg -> [2009-10-01 08:53:30 | 00,492,629 | ---- | M] ()
    Sequence 05.avi -> C:\Users\Trung Dinh\Desktop\Sequence 05.avi -> [2009-09-30 19:49:41 | 52,344,312 | ---- | M] ()
    Sequence 04.avi -> C:\Users\Trung Dinh\Desktop\Sequence 04.avi -> [2009-09-30 19:48:45 | 12,410,0760 | ---- | M] ()
    Sequence 03.avi -> C:\Users\Trung Dinh\Desktop\Sequence 03.avi -> [2009-09-30 19:39:32 | 18,665,808 | ---- | M] ()
    Sequence 02.avi -> C:\Users\Trung Dinh\Desktop\Sequence 02.avi -> [2009-09-30 19:35:20 | 14,418,072 | ---- | M] ()
    Sequence 01.avi -> C:\Users\Trung Dinh\Desktop\Sequence 01.avi -> [2009-09-30 19:20:53 | 41,724,960 | ---- | M] ()
    04 - Death Note Theme ~instrumental~.wav -> C:\Users\Trung Dinh\Desktop\04 - Death Note Theme ~instrumental~.wav -> [2009-09-30 18:56:58 | 07,944,236 | ---- | M] ()
    lightbox2.04.zip -> C:\Users\Trung Dinh\Desktop\lightbox2.04.zip -> [2009-09-30 13:09:37 | 00,097,618 | ---- | M] ()
    preloader_as3.zip -> C:\Users\Trung Dinh\Desktop\preloader_as3.zip -> [2009-09-30 13:08:09 | 00,960,247 | ---- | M] ()
    FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2009-09-29 13:11:55 | 03,289,224 | ---- | M] ()
    GDIPFONTCACHEV1.DAT -> C:\Users\Trung Dinh\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009-09-29 11:03:00 | 00,126,096 | ---- | M] ()
    wallpaper1.jpg -> C:\Users\Trung Dinh\Desktop\wallpaper1.jpg -> [2009-09-29 10:40:20 | 02,064,003 | ---- | M] ()
    Earth.png -> C:\Users\Trung Dinh\Desktop\Earth.png -> [2009-09-28 12:39:10 | 00,827,894 | ---- | M] ()
    ig295_planets_solarsystem_02.jpg -> C:\Users\Trung Dinh\Desktop\ig295_planets_solarsystem_02.jpg -> [2009-09-28 12:22:03 | 00,027,410 | ---- | M] ()
    gliese581planets.jpg -> C:\Users\Trung Dinh\Desktop\gliese581planets.jpg -> [2009-09-28 11:55:12 | 00,034,448 | ---- | M] ()
    the-planets-explained.jpg -> C:\Users\Trung Dinh\Desktop\the-planets-explained.jpg -> [2009-09-28 11:54:33 | 00,061,840 | ---- | M] ()
    colourbox1054960.jpg -> C:\Users\Trung Dinh\Desktop\colourbox1054960.jpg -> [2009-09-28 11:52:40 | 00,156,629 | ---- | M] ()

    [Files - No Company Name]
    fssfltr.sys -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2009-10-07 16:44:04 | 00,061,280 | ---- | C] ()
    mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009-10-07 13:13:04 | 00,022,104 | ---- | C] ()
    MpSigStub.exe -> C:\Windows\SysNative\MpSigStub.exe -> [2009-10-05 12:19:23 | 00,238,960 | ---- | C] ()
    MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009-10-04 16:01:05 | 66,420,1208 | ---- | C] ()
    SyncToy_fc4842bc-6b85-405e-a973-47f3d5a9a6a4.dat -> C:\Users\Trung Dinh\Documents\SyncToy_fc4842bc-6b85-405e-a973-47f3d5a9a6a4.dat -> [2009-10-03 17:22:21 | 81,678,336 | -H-- | C] ()
    Ideer.docx -> C:\Users\Trung Dinh\Desktop\Ideer.docx -> [2009-10-02 09:43:23 | 00,175,019 | ---- | C] ()
    mindmap.jpg -> C:\Users\Trung Dinh\Desktop\mindmap.jpg -> [2009-10-02 09:28:57 | 00,162,851 | ---- | C] ()
    histide.jpg -> C:\Users\Trung Dinh\Desktop\histide.jpg -> [2009-10-02 09:28:23 | 00,109,236 | ---- | C] ()
    Sequence 05.avi -> C:\Users\Trung Dinh\Desktop\Sequence 05.avi -> [2009-09-30 19:49:26 | 52,344,312 | ---- | C] ()
    Sequence 04.avi -> C:\Users\Trung Dinh\Desktop\Sequence 04.avi -> [2009-09-30 19:48:14 | 12,410,0760 | ---- | C] ()
    Sequence 03.avi -> C:\Users\Trung Dinh\Desktop\Sequence 03.avi -> [2009-09-30 19:39:25 | 18,665,808 | ---- | C] ()
    Sequence 02.avi -> C:\Users\Trung Dinh\Desktop\Sequence 02.avi -> [2009-09-30 19:35:12 | 14,418,072 | ---- | C] ()
    Sequence 01.avi -> C:\Users\Trung Dinh\Desktop\Sequence 01.avi -> [2009-09-30 19:20:44 | 41,724,960 | ---- | C] ()
    04 - Death Note Theme ~instrumental~.wav -> C:\Users\Trung Dinh\Desktop\04 - Death Note Theme ~instrumental~.wav -> [2009-09-30 18:56:57 | 07,944,236 | ---- | C] ()
    04 - Death Note Theme ~instrumental~.mp3 -> C:\Users\Trung Dinh\Desktop\04 - Death Note Theme ~instrumental~.mp3 -> [2009-09-30 18:54:11 | 01,800,320 | ---- | C] ()
    lightbox2.04.zip -> C:\Users\Trung Dinh\Desktop\lightbox2.04.zip -> [2009-09-30 13:09:34 | 00,097,618 | ---- | C] ()
    preloader_as3.zip -> C:\Users\Trung Dinh\Desktop\preloader_as3.zip -> [2009-09-30 13:08:05 | 00,960,247 | ---- | C] ()
    wallpaper1.jpg -> C:\Users\Trung Dinh\Desktop\wallpaper1.jpg -> [2009-09-29 10:39:31 | 02,064,003 | ---- | C] ()
    Earth.png -> C:\Users\Trung Dinh\Desktop\Earth.png -> [2009-09-28 12:39:08 | 00,827,894 | ---- | C] ()
    ig295_planets_solarsystem_02.jpg -> C:\Users\Trung Dinh\Desktop\ig295_planets_solarsystem_02.jpg -> [2009-09-28 12:21:59 | 00,027,410 | ---- | C] ()
    gliese581planets.jpg -> C:\Users\Trung Dinh\Desktop\gliese581planets.jpg -> [2009-09-28 11:55:09 | 00,034,448 | ---- | C] ()
    the-planets-explained.jpg -> C:\Users\Trung Dinh\Desktop\the-planets-explained.jpg -> [2009-09-28 11:54:30 | 00,061,840 | ---- | C] ()
    colourbox1054960.jpg -> C:\Users\Trung Dinh\Desktop\colourbox1054960.jpg -> [2009-09-28 11:52:37 | 00,156,629 | ---- | C] ()
    AutoGK.ini -> C:\Users\Trung Dinh\AppData\Roaming\AutoGK.ini -> [2009-08-03 00:58:46 | 00,000,582 | ---- | C] ()
    dd_vcredistMSI4EE0.txt -> C:\Users\Trung Dinh\AppData\Local\dd_vcredistMSI4EE0.txt -> [2009-06-30 03:05:50 | 00,428,108 | ---- | C] ()
    dd_vcredistUI4EE0.txt -> C:\Users\Trung Dinh\AppData\Local\dd_vcredistUI4EE0.txt -> [2009-06-30 03:05:49 | 00,011,472 | ---- | C] ()
    d3d9caps.dat -> C:\Users\Trung Dinh\AppData\Local\d3d9caps.dat -> [2009-03-07 23:06:48 | 00,000,680 | ---- | C] ()
    d3d8caps.dat -> C:\Users\Trung Dinh\AppData\Local\d3d8caps.dat -> [2009-01-24 16:30:03 | 00,000,552 | ---- | C] ()
    OrbError.bmp -> C:\ProgramData\OrbError.bmp -> [2009-01-08 16:08:55 | 01,228,854 | ---- | C] ()
    LuUninstall.LiveUpdate -> C:\ProgramData\LuUninstall.LiveUpdate -> [2008-06-18 14:03:42 | 00,749,070 | ---- | C] ()
    hpzinstall.log -> C:\ProgramData\hpzinstall.log -> [2008-05-17 12:22:46 | 00,006,965 | ---- | C] ()
    fusioncache.dat -> C:\Users\Trung Dinh\AppData\Local\fusioncache.dat -> [2008-03-18 22:28:40 | 00,000,098 | ---- | C] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Trung Dinh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008-03-18 00:30:30 | 00,174,592 | ---- | C] ()
    nvModes.001 -> C:\Users\Trung Dinh\AppData\Roaming\nvModes.001 -> [2008-03-17 21:38:25 | 00,194,274 | ---- | C] ()
    nvModes.dat -> C:\Users\Trung Dinh\AppData\Roaming\nvModes.dat -> [2008-03-17 21:30:03 | 00,194,274 | ---- | C] ()
    IconCache.db -> C:\Users\Trung Dinh\AppData\Local\IconCache.db -> [2008-03-17 09:03:42 | 04,482,254 | -H-- | C] ()
    GDIPFONTCACHEV1.DAT -> C:\Users\Trung Dinh\AppData\Local\GDIPFONTCACHEV1.DAT -> [2008-03-17 08:54:15 | 00,126,096 | ---- | C] ()
    d3d9caps64.dat -> C:\Users\Trung Dinh\AppData\Local\d3d9caps64.dat -> [2008-03-17 08:52:27 | 00,000,732 | ---- | C] ()
    desktop.ini -> C:\Program Files\desktop.ini -> [2006-11-02 17:24:55 | 00,000,174 | -HS- | C] ()
    desktop.ini -> C:\Program Files (x86)\desktop.ini -> [2006-11-02 17:24:55 | 00,000,174 | -HS- | C] ()

    [File - Lop Check]

    [Alternate Data Streams]
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:6DFF1A8A
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9FA5EC55
    @Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF
    @Alternate Data Stream - 64 bytes -> C:\Users\Trung Dinh\Desktop\Frost-Nixon.avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Trung Dinh\Desktop\hanazakari_no_kimitachi_e_2008_sp_sd[sars].avi:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\Trung Dinh\Desktop\Milk.avi:TOC.WMV
    < End of report >
    [/code]
    f-arn Guru
    07 October 2009 - 21:13 #9
    Start OTS and copy the following into the "Paste Fix Here" window.

    [Kill Explorer]
    [Registry - Safe List]
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "kwlrxndv" -> [rundll32.exe "C:\Users\Trung Dinh\AppData\Roaming\japwamd.dll",pefotvng]
    [Empty Temp Folders]
    [Start Explorer]
    [Reboot]


    Click "Run Fix". The computer will now restart and open a log.
    Please copy its contents in here.
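The fix in post #9 targets a single autorun: a `Run` value that starts `rundll32.exe` with a DLL stored in the user's roaming profile. The following is an added example, not part of the thread or of OTS itself, that picks such entries out of OTS "Safe List" lines; the two benign sample lines are constructed and the list of user-writable path fragments is an assumed heuristic.

```python
import re

# OTS "Safe List" entry: <flags> -> "<value name>" -> [<command line>]
ENTRY = re.compile(r'^\s*\S+\s*->\s*"(?P<name>[^"]*)"\s*->\s*\[(?P<cmd>.*)\]\s*$')

# rundll32 call: optional path to rundll32, a quoted or bare DLL path, a comma, the export
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,\s]+))\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)

# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def flag_autoruns(lines):
    """Return Run entries where rundll32 loads a DLL from a user-writable path."""
    findings = []
    for line in lines:
        entry = ENTRY.match(line)
        if not entry:
            continue  # section header or other non-entry line
        call = RUNDLL.match(entry["cmd"].strip())
        if not call:
            continue  # autorun does not go through rundll32
        dll = call["quoted"] or call["bare"]
        if any(part in dll.lower() for part in USER_WRITABLE):
            findings.append(
                {"value": entry["name"], "dll": dll, "export": call["export"]}
            )
    return findings


SAMPLE = [
    # Header and first entry as posted in the thread.
    r'< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    r'YN -> "kwlrxndv" -> [rundll32.exe "C:\Users\Trung Dinh\AppData\Roaming\japwamd.dll",pefotvng]',
    # Constructed benign entries for contrast.
    r'YN -> "ExampleCpl" -> [C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL]',
    r'YN -> "ExampleUpdater" -> ["C:\Program Files\Example\updater.exe"]',
]

if __name__ == "__main__":
    for hit in flag_autoruns(SAMPLE):
        print(hit)
```

A flagged value whose DLL no longer exists on disk matches the startup error described in the opening post: the file was quarantined while the `Run` value still pointed at it.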
    thanh Beginner
    07 October 2009 - 21:41 #10
    Here is a new log:

    All Processes Killed
    No active process named Explorer.EXE was found!
    [Registry - Safe List]
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\kwlrxndv deleted successfully.
    [Empty Temp Folders]


    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Trung Dinh
    File delete failed. C:\Users\Trung Dinh\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
    ->Temp folder emptied: 320665236 bytes
    File delete failed. C:\Users\Trung Dinh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 544195277 bytes
    ->Java cache emptied: 95357473 bytes
    ->FireFox cache emptied: 113026804 bytes

    %systemdrive% .tmp files removed: 0 bytes
    C:\Windows\msdownld.tmp folder deleted successfully.
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1499583 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1024,99 mb

    < End of fix log >
    OTS by OldTimer - Version 3.0.20.3 fix logfile created on 10072009_213202

    Files\Folders moved on Reboot...
    C:\Users\Trung Dinh\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
    f-arn Guru
    08 October 2009 - 09:53 #11
    I would like you to update Malwarebytes and run a "full system scan".
    Copy the log in here.
    thanh Beginner
    08 October 2009 - 16:29 #12
    Malwarebytes' Anti-Malware 1.41
    Database version: 2924
    Windows 6.0.6001 Service Pack 1

    08-10-2009 16:27:24
    mbam-log-2009-10-08 (16-27-24).txt

    Skan type: Fuldstændig skanning (C:\|)
    Objekter skannet: 556193
    Tid tilbagelagt: 2 hour(s), 57 minute(s), 18 second(s)

    Inficerede Hukommelses Processer: 0
    Inficerede Hukommelses Moduler: 0
    Inficerede Registeringsdatabase Nøgler: 0
    Inficerede Registeringsdatabase Værdier: 0
    Inficerede Registeringsdatabase Filer: 0
    Inficerede Mapper: 0
    Inficerede Filer: 0

    Inficerede Hukommelses Processer:
    (Ingen mistænkelige filer fundet)

    Inficerede Hukommelses Moduler:
    (Ingen mistænkelige filer fundet)

    Inficerede Registeringsdatabase Nøgler:
    (Ingen mistænkelige filer fundet)

    Inficerede Registeringsdatabase Værdier:
    (Ingen mistænkelige filer fundet)

    Inficerede Registeringsdatabase Filer:
    (Ingen mistænkelige filer fundet)

    Inficerede Mapper:
    (Ingen mistænkelige filer fundet)

    Inficerede Filer:
    (Ingen mistænkelige filer fundet)
    f-arn Guru
    09 October 2009 - 10:28 #13
    How is the PC running now?
    thanh Beginner
    09 October 2009 - 16:16 #14
    It's running fine now :D
    That was quite a lot to go through. Well, if that was it, then many thanks for the help.

    If you just post an answer, you can have the points.
    f-arn Guru
    09 October 2009 - 21:31 #15
    :)