Windows Firewall will not start number 2
I'll post this again as I can't view my previous thread.
I first noted a problem yesterday, 9th February, when I had no internet connection on my other PC.
When I hover the mouse over the icon in the taskbar it reads "The dependency service or group failed to start".
Upon reboot it's still the same. I then noticed that Windows Firewall was not running, so I go to Control Panel > Windows Firewall to try to turn it on but get the message
"Windows Firewall settings can not be displayed because the associated service is not running. Do you want to start the Windows Firewall service?"
I then click Yes but get the message "Windows cannot start the Windows Firewall service".
I then ran Malwarebytes and got the following log:
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
09/02/2011 15:18:38
mbam-log-2011-02-09 (15-18-38).txt
Scan type: Quick scan
Objects scanned: 117209
Time elapsed: 3 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (Google) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (Google) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (Google) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (Google) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=7&q={searchTerms}) Good: (Google) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\My Security Engine.lnk (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Security Engine.lnk (Rogue.MySecurityEngine) -> Quarantined and deleted successfully.
I restarted the PC and still the same problem.
Tonight I have run Temp File Cleaner, Malwarebytes Anti-Malware, GMER, MBRCheck and DDS as instructed.
I enclose the logs below, but GMER is too large to post (see previous failed thread) http://www.d-a-l.com/help/spyware-ad...not-start.html
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Database version: 4052
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
10/02/2011 19:26:14
mbam-log-2011-02-10 (19-26-14).txt
Scan type: Quick scan
Objects scanned: 125832
Time elapsed: 1 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD
System Product Name: MS-7577
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 150):
0x02C12000 \SystemRoot\system32\ntoskrnl.exe
0x03129000 \SystemRoot\system32\hal.dll
0x0060C000 \SystemRoot\system32\kdcom.dll
0x00616000 \SystemRoot\system32\PSHED.dll
0x0062A000 \SystemRoot\system32\CLFS.SYS
0x00687000 \SystemRoot\system32\CI.dll
0x00800000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DA000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008E8000 \SystemRoot\system32\drivers\acpi.sys
0x0093E000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00947000 \SystemRoot\system32\drivers\msisadrv.sys
0x00951000 \SystemRoot\system32\drivers\pci.sys
0x00981000 \SystemRoot\System32\drivers\partmgr.sys
0x00996000 \SystemRoot\system32\drivers\volmgr.sys
0x00739000 \SystemRoot\System32\drivers\volmgrx.sys
0x009AA000 \SystemRoot\system32\drivers\pciide.sys
0x009B1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C1000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A03000 \SystemRoot\system32\drivers\iastorv.sys
0x00AC8000 \SystemRoot\system32\drivers\atapi.sys
0x00AD0000 \SystemRoot\system32\drivers\ataport.SYS
0x00AF4000 \SystemRoot\system32\drivers\msahci.sys
0x00AFD000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B44000 \SystemRoot\system32\drivers\fileinfo.sys
0x00B58000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x00B6D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C02000 \SystemRoot\system32\drivers\ndis.sys
0x0079F000 \SystemRoot\system32\drivers\msrpc.sys
0x00E02000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E5B000 \SystemRoot\System32\drivers\tcpip.sys
0x00FD1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01008000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01188000 \SystemRoot\system32\drivers\volsnap.sys
0x011CC000 \SystemRoot\System32\Drivers\spldr.sys
0x011D4000 \SystemRoot\System32\Drivers\mup.sys
0x00DC5000 \SystemRoot\System32\drivers\ecache.sys
0x009D4000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x011E6000 \SystemRoot\system32\drivers\disk.sys
0x01205000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01231000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x01239000 \SystemRoot\system32\drivers\crcdisk.sys
0x01285000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01292000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x0129B000 \SystemRoot\system32\DRIVERS\processr.sys
0x012AE000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x06806000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0703D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x07120000 \SystemRoot\System32\drivers\watchdog.sys
0x012FB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x07130000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x07163000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x07175000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x07185000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x07190000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x071D6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02400000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0241C000 \SystemRoot\system32\DRIVERS\serial.sys
0x02439000 \SystemRoot\system32\DRIVERS\serenum.sys
0x02445000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0244E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02487000 \SystemRoot\system32\DRIVERS\storport.sys
0x024E4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x024F1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02514000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02520000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02551000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02561000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0257F000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x07202000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x0729C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x072AF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x072BD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x072C9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x072CB000 \SystemRoot\system32\DRIVERS\ks.sys
0x072FF000 \SystemRoot\system32\DRIVERS\AmdLLD64.sys
0x07312000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0731D000 \SystemRoot\system32\DRIVERS\amdiox64.sys
0x07331000 \SystemRoot\system32\DRIVERS\umbus.sys
0x07341000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x07389000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0739D000 \SystemRoot\system32\drivers\AtihdLH6.sys
0x073BD000 \SystemRoot\system32\drivers\portcls.sys
0x02597000 \SystemRoot\system32\drivers\drmk.sys
0x073F8000 \SystemRoot\system32\drivers\ksthunk.sys
0x09002000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x091AB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x091B5000 \SystemRoot\System32\Drivers\Null.SYS
0x091DF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x091E7000 \SystemRoot\System32\drivers\vga.sys
0x025BA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x091F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x091BE000 \SystemRoot\system32\drivers\rdpencdd.sys
0x091C7000 \SystemRoot\System32\Drivers\Msfs.SYS
0x025DF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x091D2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x08E0B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x08E28000 \SystemRoot\system32\DRIVERS\smb.sys
0x08E43000 \SystemRoot\system32\drivers\afd.sys
0x08EAE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x08EF2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x08F10000 \SystemRoot\system32\DRIVERS\netbios.sys
0x08F1F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x08F3A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x08F87000 \SystemRoot\system32\drivers\nsiproxy.sys
0x08F93000 \??\F:\Program files\HWiNFO32\HWiNFO64A.SYS
0x08FB6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0940A000 \SystemRoot\system32\drivers\csc.sys
0x09480000 \SystemRoot\System32\Drivers\dfsc.sys
0x0949D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x094BF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x094DB000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x094E6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x094EF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x09501000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0950C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x09517000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0954C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0955A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x09566000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x0956E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x09581000 \SystemRoot\System32\drivers\Dxapi.sys
0x0958D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00410000 \SystemRoot\System32\TSDDD.dll
0x00680000 \SystemRoot\System32\cdd.dll
0x095A0000 \SystemRoot\system32\drivers\luafv.sys
0x095C2000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x0DA06000 \SystemRoot\system32\drivers\spsys.sys
0x0DAA0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x0DAB4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0DACC000 \SystemRoot\system32\drivers\HTTP.sys
0x0DB6F000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0DB7A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0DBA3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0DBC1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08FB8000 \SystemRoot\system32\drivers\mrxdav.sys
0x01243000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0E007000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0E050000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0E06F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0E0A1000 \SystemRoot\System32\DRIVERS\srv.sys
0x0E136000 \??\C:\Windows\system32\drivers\cpuz135_x64.sys
0x0E13F000 \SystemRoot\system32\drivers\peauth.sys
0x0E1F5000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0DBDB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0EC3E000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x0EC5A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x0EC72000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x0EC92000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x77490000 \Windows\System32\ntdll.dll
Processes (total 52):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
532 csrss.exe
604 C:\Windows\System32\wininit.exe
624 csrss.exe
660 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
680 C:\Windows\System32\lsm.exe
840 C:\Windows\System32\svchost.exe
868 C:\Windows\System32\winlogon.exe
972 C:\Windows\System32\svchost.exe
204 C:\Windows\System32\svchost.exe
324 C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
344 C:\Windows\System32\svchost.exe
468 C:\Windows\System32\atiesrxx.exe
492 C:\Windows\System32\svchost.exe
12 C:\Windows\System32\svchost.exe
708 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\audiodg.exe
1080 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\SLsvc.exe
1156 C:\Windows\System32\svchost.exe
1372 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1440 C:\Windows\System32\atieclxx.exe
1752 C:\Windows\System32\spoolsv.exe
1784 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
2016 C:\Windows\System32\dwm.exe
1144 C:\Windows\System32\taskeng.exe
1952 C:\Windows\explorer.exe
2408 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2468 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
1424 C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
1244 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1568 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2684 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
2900 C:\Windows\SysWOW64\PnkBstrA.exe
2940 C:\Windows\System32\svchost.exe
2720 C:\Windows\System32\svchost.exe
2780 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2868 C:\Windows\System32\SearchIndexer.exe
2512 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1504 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2120 unsecapp.exe
1808 WmiPrvSE.exe
2072 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
2440 C:\Windows\System32\wuauclt.exe
3732 WUDFHost.exe
3892 C:\Windows\System32\SearchProtocolHost.exe
2372 C:\Windows\System32\SearchFilterHost.exe
3784 C:\Users\Home\Desktop\MBRCheck.exe
3868 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000092`99f00000 (NTFS)
PhysicalDrive1 Model Number: WDCWD1500HLFS-01G6U0, Rev: 04.04V01
PhysicalDrive0 Model Number: WDCWD6401AALS-00L3B2, Rev: 01.03B01
Size Device Name MBR Status
--------------------------------------------
139 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
596 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Home at 20:13:23.74 on 10/02/2011
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.4093.2727 [GMT 0:00]
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Home\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*Yahoo! Search - Web Search
uStart Page = hxxp://bt.yahoo.com
uSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*Yahoo! SearchBar Home Page
mDefault_Search_URL = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*Yahoo! Search - Web Search
mSearch Page =
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*Yahoo! SearchBar Home Page
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*Yahoo! Search - Web Search
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra73.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5a501d13-b97d-4690-8983-3185556107c8} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
TB: {5a501d13-b97d-4690-8983-3185556107c8} - No File
uRun: [Steam] ~"f:\program files\steam\steam.exe" -silent
uRun: [Sidebar] ~C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [EPSON Stylus Photo R265 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBNE.EXE /FU "C:\Windows\TEMP\E_S3452.tmp" /EF "HKCU"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DelReg] "C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://clients.futuremark.com/openapi/receivers/FMSI.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} -
TB-X64: {5A501D13-B97D-4690-8983-3185556107C8} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [diagnostics] "C:\Program Files (x86)\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:en
================= FIREFOX ===================
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\141ktduv.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxp://home.bt.yahoo.com/
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\141ktduv.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
============= SERVICES / DRIVERS ===============
=============== File Associations ===============
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
=============== Created Last 30 ================
2011-02-09 16
17 -------- d-----w- C:\Users\Home\AppData\Roaming\HiYo
2011-02-09 13:26:54 196096 ----a-w- C:\Windows\System32\drivers\Rtlh64.sys
2011-02-04 17:19:47 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcDABA.tmp
2011-01-26 22:20:53 -------- d-----w- C:\Program Files (x86)\ATI Stream
2011-01-23 13:39:51 8704 ----a-w- C:\Windows\System32\E_GCINST.DLL
2011-01-23 13:39:50 86528 ----a-w- C:\Windows\System32\E_IBCBBNE.DLL
2011-01-23 13:37:32 90112 ----a-w- C:\Windows\SysWow64\epcomdd.dll
2011-01-23 13:37:32 77824 ----a-w- C:\Windows\SysWow64\Esintpl.dll
2011-01-23 13:37:32 66048 ----a-w- C:\Windows\SysWow64\escwian.dll
2011-01-23 13:37:32 61952 ----a-w- C:\Windows\SysWow64\escwiad.dll
2011-01-23 13:37:32 53248 ----a-w- C:\Windows\SysWow64\ESICM.dll
2011-01-23 13:37:32 3584 ----a-w- C:\Windows\SysWow64\eswiaml.dll
2011-01-23 13:37:32 184320 ----a-w- C:\Windows\SysWow64\ESDTR.dll
2011-01-23 13:37:32 126976 ----a-w- C:\Windows\SysWow64\Esint23.dll
2011-01-23 10:23:20 88576 ----a-w- C:\Windows\System32\esxuni.dll
2011-01-23 10:23:20 69120 ----a-w- C:\Windows\System32\esxuimg.dll
2011-01-23 10:23:20 47616 ----a-w- C:\Windows\System32\esxucm.dll
2011-01-23 10:23:20 44544 ----a-w- C:\Windows\SysWow64\escwiab.dll
2011-01-23 10:23:20 32256 ----a-w- C:\Windows\SysWow64\esccm.dll
2011-01-23 10:23:20 27648 ----a-w- C:\Windows\SysWow64\escimg.dll
2011-01-18 11:55:43 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{8F519336-33E3-4131-BFFA-C74E27796356}\mpengine.dll
2011-01-14 22:51:36 -------- d-----w- C:\Program Files (x86)\MSECache
==================== Find3M ====================
2011-02-09 14:29:04 171520 ----a-w- C:\Windows\System32\nlasvc.dll
2011-02-09 13:40:22 96768 ----a-w- C:\Windows\SysWow64\wininit.exe
2011-01-27 23:44:14 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-01-27 23:44:14 270904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-01-27 23:42:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-01-05 03:37:14 8283136 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-01-05 03:22:46 22100480 ----a-w- C:\Windows\System32\atio6axx.dll
2011-01-05 03:03:34 17043968 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-01-05 03:02:40 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-01-05 03:02:28 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-01-05 03:01:12 708608 ----a-w- C:\Windows\System32\aticfx64.dll
2011-01-05 02:58:42 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-01-05 02:58:22 480256 ----a-w- C:\Windows\System32\atieclxx.exe
2011-01-05 02:57:44 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-01-05 02
30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-01-05 02
10 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-01-05 02
02 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-01-05 02:55:50 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-01-05 02:55:46 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-01-05 02:55:40 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-01-05 02:55:34 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-01-05 02:52:20 4101632 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-01-05 02:43:20 4844544 ----a-w- C:\Windows\System32\atidxx64.dll
2011-01-05 02:33:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-01-05 02:33:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-01-05 02:33:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-01-05 02:33:20 4162048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-01-05 02:33:16 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-01-05 02:33:08 6815232 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-01-05 02:32:56 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-01-05 02:32:22 3218944 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-01-05 02:31:52 5441024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-01-05 02:28:08 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-01-05 02:27:06 5305856 ----a-w- C:\Windows\System32\atiumd64.dll
2011-01-05 02:25:04 3461120 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-01-05 02:20:20 353792 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-01-05 02:20:10 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-01-05 02:19:58 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-01-05 02:19:54 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-01-05 02:19:54 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-01-05 02:19:52 32256 ----a-w- C:\Windows\System32\atig6txx.dll
2011-01-05 02:19:44 27648 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-01-05 02:19:38 294400 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-01-05 02:18:52 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-01-05 02:18:46 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-01-05 02:18:34 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-01-05 02:18:26 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-01-05 02:17:48 26112 ----a-w- C:\Windows\System32\atitmp64.dll
2011-01-05 02:17:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-01-05 02:11:10 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-01-05 02:11:10 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-01-05 02:11:00 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-01-05 02:11:00 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-12-07 12:17:20 51200 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2010-12-07 12:15:30 52736 ----a-w- C:\Windows\System32\OpenCL.dll
2010-12-01 19:54:14 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2010-11-23 22:31:28 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-11-17 12:04:18 111120 ----a-w- C:\Windows\System32\drivers\AtihdLH6.sys
============= FINISH: 20:15:20.94 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 10/10/2009 22:20:03
System Uptime: 10/02/2011 19:32:27 (1 hours ago)
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 790FX-GD70(MS-7577)
Processor: AMD Phenom(tm) II X4 955 Processor | CPU1 | 3451/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 140 GiB total, 90.969 GiB free.
D: is CDROM ()
E: is Removable
F: is FIXED (NTFS) - 586 GiB total, 402.497 GiB free.
G: is FIXED (NTFS) - 10 GiB total, 9.095 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
"Nero SoundTrax Help
3DMark 11
3DMark Vantage
3DMark05
3DMark06
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Advertising Center
AMD Fusion Utility for Desktops
AMD OverDrive
Apple Application Support
Apple Software Update
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Battlefield 2: Deluxe Edition
Battlefield Heroes
Battlefield: Bad Company™ 2
BitTornado 0.3.17
BTHomeHub
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Juarez - Bound in Blood
Camera RAW Plug-In for EPSON Creativity Suite
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
CCleaner
Compatibility Pack for the 2007 Office system
DolbyFiles
Driver Sweeper 2.0.5
EA Download Manager
EPSON TWAIN 5
EVEREST Ultimate Edition v5.00
Fraps (remove only)
Futuremark SystemInfo
Geekbench 2.1
Google Earth Plug-in
Google Update Helper
GoToAssist Corporate
GRID
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP USB Disk Storage Format Tool
HWBOT Unigine Heaven Benchmark Application
ImagXpress
J2SE Runtime Environment 5.0 Update 7
Junk Mail filter update
MadOnion.com/3DMark2001 SE
Magic ISO Maker v5.3 (build 0221)
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works 4.0
Movie Templates - Starter Kit
Mozilla Firefox (3.5.10)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NVIDIA PhysX
OpenAL
OverclockingCenter
PCMark Vantage
PCMark04
PCMark05
Picasa 3
Portal
PunkBuster Services
QuickTime
Rapture3D 2.3.26 Game
Realtek 8136 8168 8169 Ethernet Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
RivaTuner v2.22
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Serif PagePlus Starter Edition
SoundTrax
SpywareBlaster 4.4
Steam
TeamSpeak 2 RC2
Unigine Heaven Benchmark v2.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VoipOverlay
Watermark Image software version 1.6.9.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
WMV9/VC-1 Video Playback
WOT for Internet Explorer
==== Event Viewer Messages From Past Week ========
10/02/2011 20:14:58, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
10/02/2011 19:55:04, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
10/02/2011 19:55:00, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\SYSTEM' was corrupted and it has been recovered. Some data might have been lost.
10/02/2011 19:54:07, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
10/02/2011 19:46:05, Error: Service Control Manager [7023] - The DHCP Client service terminated with the following error: Access is denied.
10/02/2011 19:46:05, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The operation completed successfully.
10/02/2011 19:43:55, Error: disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
10/02/2011 19:36:06, Error: Service Control Manager [7023] - The Network Location Awareness service terminated with the following error: Network Location Awareness is not a valid Win32 application.
10/02/2011 19:36:06, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: Network List Service is not a valid Win32 application.
10/02/2011 19:36:06, Error: Microsoft-Windows-WMPNSS-Service [14333] - Service 'WMPNetworkSvc' did not start correctly due to error '0x8007042c'. Restart your computer, and then try to restart the service.
10/02/2011 19:36:06, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/02/2011 19:33:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt SASDIFSV SASKUTIL
10/02/2011 19:33:46, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: Access is denied.
10/02/2011 19:33:46, Error: Service Control Manager [7023] - The System Event Notification Service service terminated with the following error: The system cannot find the file specified.
10/02/2011 19:33:46, Error: Service Control Manager [7023] - The Diagnostic Policy Service service terminated with the following error: Access is denied.
10/02/2011 19:33:46, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
10/02/2011 19:33:46, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
10/02/2011 19:33:46, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
10/02/2011 19:33:46, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
10/02/2011 19:33:41, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070005: Access is denied.
10/02/2011 19:33:41, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
10/02/2011 19:12:27, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
10/02/2011 19:12:12, Error: Service Control Manager [7034] - The AMD Fusion Utility Service service terminated unexpectedly. It has done this 1 time(s).
09/02/2011 20:00:19, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
09/02/2011 15:54:45, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy159.
09/02/2011 15:28:03, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
09/02/2011 14:59:18, Error: Service Control Manager [7001] - The COM+ System Application service depends on the System Event Notification Service service which failed to start because of the following error: The system cannot find the file specified.
09/02/2011 14:47:32, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: Access is denied.
09/02/2011 14:22:26, Error: Service Control Manager [7024] - The Network Location Awareness service terminated with service-specific error 3221226008 (0xC0000218).
09/02/2011 14:22:25, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The operation completed successfully.
09/02/2011 14:20:22, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service has not been started.
09/02/2011 13:50:06, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: An instance of the service is already running.
09/02/2011 13:48:06, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
==== End Of File ===========================
-
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
============================================================================
Upload GMER file here: Free File Hosting - Online Storage; Upload Mp3, Videos, Music. Backup Files
Post download link (copy URL: link):
-
-
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
Thanks for your reply
Combofix would not run in Normal mode, so I deleted the file, downloaded another, renamed it, and booted in Safe Mode.
I have tried to run Combofix with the three links of rkill.exe that you gave me but it will not finish to prepare a log.
Here are some logs from rkill.exe
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 11/02/2011 at 18:11:12.
Operating System: Windows (TM) Vista Ultimate
Processes terminated by Rkill or while it was running:
Rkill completed on 11/02/2011 at 18:11:14.
-------------------------------------------------
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 11/02/2011 at 18:39:22.
Operating System: Windows (TM) Vista Ultimate
Processes terminated by Rkill or while it was running:
C:\Windows\SysWOW64\InfDefaultInstall.exe
C:\Windows\SysWOW64\InfDefaultInstall.exe
Rkill completed on 11/02/2011 at 18:39:27.
I see that it did find something in this log, but combofix stopped again.
I have tried about 8-10 times with renamed combofix in safe mode and the same happens.
Thanks
-
I ran it again in normal mode and ran rkill and combofix as soon as it went to the Windows screen. Combofix crashed, but I got another rkill log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 11/02/2011 at 19:20:42.
Operating System: Windows (TM) Vista Ultimate
Processes terminated by Rkill or while it was running:
C:\Windows\SysWOW64\InfDefaultInstall.exe
C:\Windows\SysWOW64\runonce.exe
C:\Windows\SysWOW64\grpconv.exe
Rkill completed on 11/02/2011 at 19:20:44.
-
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
-
2011/02/11 20:45:10.0997 3952 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/11 20:45:10.0997 3952 ================================================== ==============================
2011/02/11 20:45:10.0997 3952 SystemInfo:
2011/02/11 20:45:10.0997 3952
2011/02/11 20:45:10.0997 3952 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/11 20:45:10.0997 3952 Product type: Workstation
2011/02/11 20:45:10.0997 3952 ComputerName: HOME-PC
2011/02/11 20:45:10.0997 3952 UserName: Home
2011/02/11 20:45:10.0997 3952 Windows directory: C:\Windows
2011/02/11 20:45:10.0997 3952 System windows directory: C:\Windows
2011/02/11 20:45:10.0997 3952 Running under WOW64
2011/02/11 20:45:10.0997 3952 Processor architecture: Intel x64
2011/02/11 20:45:10.0997 3952 Number of processors: 4
2011/02/11 20:45:10.0997 3952 Page size: 0x1000
2011/02/11 20:45:10.0997 3952 Boot type: Normal boot
2011/02/11 20:45:10.0997 3952 ================================================== ==============================
2011/02/11 20:45:11.0216 3952 Initialize success
2011/02/11 20:45:15.0490 3980 ================================================== ==============================
2011/02/11 20:45:15.0490 3980 Scan started
2011/02/11 20:45:15.0490 3980 Mode: Manual;
2011/02/11 20:45:15.0490 3980 ================================================== ==============================
2011/02/11 20:45:22.0229 3980 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/11 20:45:22.0261 3980 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
2011/02/11 20:45:22.0292 3980 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/11 20:45:22.0339 3980 ql2300 (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys
2011/02/11 20:45:22.0385 3980 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/02/11 20:45:22.0417 3980 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/11 20:45:22.0448 3980 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/11 20:45:22.0463 3980 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/11 20:45:22.0495 3980 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/11 20:45:22.0541 3980 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/11 20:45:22.0588 3980 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/11 20:45:22.0619 3980 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/11 20:45:22.0651 3980 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/02/11 20:45:22.0666 3980 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/11 20:45:22.0682 3980 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/02/11 20:45:22.0744 3980 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) C:\Program Files (x86)\RivaTuner v2.22\RivaTuner64.sys
2011/02/11 20:45:22.0822 3980 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/11 20:45:22.0869 3980 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
2011/02/11 20:45:22.0916 3980 RTL8169 (96beb00a42bdea315ea61c90b29d0bc0) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/02/11 20:45:22.0947 3980 RushTopDevice2 (f86ed44261ac62e915fb0e4b2133039d) C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys
2011/02/11 20:45:22.0963 3980 RushTopDevice_J (ed4061d042a21961a94bab25fd505f6a) C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys
2011/02/11 20:45:23.0025 3980 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/02/11 20:45:23.0056 3980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/11 20:45:23.0087 3980 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/11 20:45:23.0119 3980 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
2011/02/11 20:45:23.0165 3980 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/02/11 20:45:23.0228 3980 sffdisk (541b32f8d6b2dcb92ec43bab267e79ea) C:\Windows\system32\drivers\sffdisk.sys
2011/02/11 20:45:23.0243 3980 sffp_mmc (446e7cca3325c7e0ae0fde7f73cdd9c2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/11 20:45:23.0259 3980 sffp_sd (67edc221348911e895af51c57d9a3725) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/11 20:45:23.0275 3980 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/02/11 20:45:23.0290 3980 SiSRaid2 (08dda16573fa44f8b13afe74597ad2e5) C:\Windows\system32\drivers\sisraid2.sys
2011/02/11 20:45:23.0306 3980 SiSRaid4 (c52259e9daaf3890d572d87ffee0979e) C:\Windows\system32\drivers\sisraid4.sys
2011/02/11 20:45:23.0337 3980 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/02/11 20:45:23.0384 3980 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/02/11 20:45:23.0431 3980 srv (b905f2549517ec427d3e74c52fafe735) C:\Windows\system32\DRIVERS\srv.sys
2011/02/11 20:45:23.0462 3980 srv2 (4bd25bf8666ce3f089579e05fe659ed2) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/11 20:45:23.0493 3980 srvnet (caea15e0e52fb15a2c8b505643228057) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/11 20:45:23.0524 3980 ST330 (7b6e1e5094a2d0cc884a6be05ff805ec) C:\Windows\system32\DRIVERS\st330.sys
2011/02/11 20:45:23.0540 3980 STBUS (ba847a2ebc01fc9ba94e0e9a6ee4b2b7) C:\Windows\system32\DRIVERS\stbus.sys
2011/02/11 20:45:23.0587 3980 stppp (2694bbffc197cbab2614f312ff514358) C:\Windows\system32\DRIVERS\stppp.sys
2011/02/11 20:45:23.0618 3980 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/11 20:45:23.0680 3980 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/02/11 20:45:23.0680 3980 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/02/11 20:45:23.0711 3980 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/02/11 20:45:23.0789 3980 Tcpip (b4b7b375fdd672af79b0cbe9b9a48b47) C:\Windows\system32\drivers\tcpip.sys
2011/02/11 20:45:23.0899 3980 Tcpip6 (b4b7b375fdd672af79b0cbe9b9a48b47) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/11 20:45:23.0945 3980 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/11 20:45:23.0977 3980 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/02/11 20:45:24.0008 3980 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/02/11 20:45:24.0039 3980 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/11 20:45:24.0070 3980 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/11 20:45:24.0133 3980 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/11 20:45:24.0179 3980 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/02/11 20:45:24.0211 3980 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/11 20:45:24.0242 3980 uagp35 (e4722dfbd6232acf17543ef2c2dce8d2) C:\Windows\system32\drivers\uagp35.sys
2011/02/11 20:45:24.0273 3980 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/11 20:45:24.0304 3980 uliagpkx (5663d7696abbe71f8c9d915c5374118a) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/11 20:45:24.0320 3980 uliahci (4ad16ebc2155db16c13e87d281b12fa0) C:\Windows\system32\drivers\uliahci.sys
2011/02/11 20:45:24.0351 3980 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/02/11 20:45:24.0367 3980 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/02/11 20:45:24.0398 3980 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/11 20:45:24.0429 3980 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/11 20:45:24.0460 3980 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/02/11 20:45:24.0569 3980 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/11 20:45:24.0647 3980 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/11 20:45:24.0757 3980 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/11 20:45:24.0803 3980 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/11 20:45:24.0835 3980 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/11 20:45:24.0881 3980 usbuhci (7bf55d2538740b25936e93553e5d190d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/11 20:45:24.0928 3980 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/11 20:45:24.0975 3980 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/02/11 20:45:24.0991 3980 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/02/11 20:45:25.0022 3980 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/02/11 20:45:25.0053 3980 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/02/11 20:45:25.0084 3980 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/02/11 20:45:25.0115 3980 vsmraid (410ae2c141142c58bc617fc2c677f8b0) C:\Windows\system32\drivers\vsmraid.sys
2011/02/11 20:45:25.0147 3980 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/02/11 20:45:25.0178 3980 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/11 20:45:25.0193 3980 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/11 20:45:25.0209 3980 Wd (59b501b0a04c9672142b7ffa2bdbf663) C:\Windows\system32\drivers\wd.sys
2011/02/11 20:45:25.0271 3980 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/11 20:45:25.0365 3980 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/11 20:45:25.0427 3980 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/11 20:45:25.0505 3980 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/11 20:45:25.0568 3980 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys
2011/02/11 20:45:25.0708 3980 ================================================================================
2011/02/11 20:45:25.0708 3980 Scan finished
2011/02/11 20:45:25.0708 3980 ================================================================================
-
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
OTL.exe would not run, message said it is not a valid Win32 application
I renamed it and it worked
OTL logfile created on: 11/02/2011 21:17:55 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.73 Gb Total Space | 90.78 Gb Free Space | 64.96% Space Free | Partition Type: NTFS
Drive D: | 3.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 968.36 Mb Total Space | 936.30 Mb Free Space | 96.69% Space Free | Partition Type: FAT
Drive F: | 586.40 Gb Total Space | 402.50 Gb Free Space | 68.64% Space Free | Partition Type: NTFS
Drive G: | 9.76 Gb Total Space | 9.09 Gb Free Space | 93.14% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/02/11 21:16:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\sss.exe
PRC - [2010/12/09 06
52 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/01 19:54:14 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/11/03 17:14:44 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/03 17:14:44 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/09/08 11:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) -- C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
PRC - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
========== Modules (SafeList) ==========
MOD - [2011/02/11 21:16:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\sss.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/01/05 02:57:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/04 22:07:10 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2008/01/19 08:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/19 08:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/19 08:00:40 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (SENS)
SRV:64bit: - [2008/01/19 08:00:40 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (SCPolicySvc)
SRV:64bit: - [2008/01/19 08:00:40 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (CertPropSvc)
SRV - [2010/12/14 16:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/12/09 06
52 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/12/01 19:54:14 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/11/03 17:14:44 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/06/30 22:36:17 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/05/14 10:46:41 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/23 04:39:00 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/27 23:03:56 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/08 11:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe -- (AMDFusionSVC)
SRV - [2009/03/30 04:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/01/05 03:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/01/05 03:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/05 02:19:38 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/23 22:31:28 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/11/17 12:04:18 | 000,111,120 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/06/05 22:36:27 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/28 14:33:34 | 000,114,176 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/01/27 10:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/10/11 00:39:25 | 000,054,272 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stppp.sys -- (stppp)
DRV:64bit: - [2009/04/22 13:32:22 | 000,047,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2009/03/17 19:17:22 | 000,196,096 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/11 03:55:48 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/12/22 15:58:02 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\st330.sys -- (ST330)
DRV:64bit: - [2008/12/22 15:58:02 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stbus.sys -- (STBUS)
DRV:64bit: - [2008/09/17 13:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/19 06:30:09 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2006/09/18 21:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV - [2010/05/03 20:30:06 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.22\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/04/12 10:36:26 | 000,044,344 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys -- (DualCoreCenter)
DRV - [2009/05/21 12:40:44 | 000,029,288 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- F:\Program files\HWiNFO32\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2009/03/05 21:55:20 | 000,033,080 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys -- (RushTopDevice_J)
DRV - [2008/12/19 03:17:36 | 000,075,576 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys -- (RushTopDevice2)
DRV - [2004/06/22 16:44:00 | 000,005,632 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Web Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = Yahoo! SearchBar Home Page
IE - HKLM\..\URLSearchHook: {5a501d13-b97d-4690-8983-3185556107c8} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3286773807-2723212744-1122951548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Web Search
IE - HKU\S-1-5-21-3286773807-2723212744-1122951548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
IE - HKU\S-1-5-21-3286773807-2723212744-1122951548-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3286773807-2723212744-1122951548-1000\..\URLSearchHook: {5a501d13-b97d-4690-8983-3185556107c8} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3286773807-2723212744-1122951548-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3286773807-2723212744-1122951548-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "http://home.bt.yahoo.com/"
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/11 16:18:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/11 16:18:52 | 000,000,000 | ---D | M]
[2009/10/11 00:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2011/02/08 08:31:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\141ktduv.default\extensions
[2010/10/22 10:19:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\141ktduv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/24 17:06:07 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\141ktduv.default\extensions\2020Player@2020Technologies.com
[2009/10/11 00:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/18 21:27:11 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/07/18 21:27:12 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/07/18 21:27:12 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/07/18 21:27:12 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/05/08 23:13:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5a501d13-b97d-4690-8983-3185556107c8} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {5a501d13-b97d-4690-8983-3185556107c8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-3286773807-2723212744-1122951548-1000\..\Toolbar\WebBrowser: (no name) - {5A501D13-B97D-4690-8983-3185556107C8} - No CLSID value found.
O3 - HKU\S-1-5-21-3286773807-2723212744-1122951548-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [diagnostics] File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3286773807-2723212744-1122951548-1000..\Run: [EPSON Stylus Photo R265 Series] File not found
O4 - HKU\S-1-5-21-3286773807-2723212744-1122951548-1000..\Run: [Steam] f:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - F:\Program files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_07\bin\NPJPI150_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus.com/pub/ASUS/mis...ex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/Messen....cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary...n.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/st...r_4.0.53.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5...ndows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/acti..._v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://clients.futuremark.com/openap...ivers/FMSI.cab (FuturemarkSystemInfoX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra73.exe) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/02 20:00:00 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{60239e38-b5e2-11de-b74a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{60239e38-b5e2-11de-b74a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2006/11/02 20:00:00 | 000,107,112 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: CertPropSvc - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
NetSvcs:64bit: SCPolicySvc - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
NetSvcs:64bit: SENS - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2011/02/11 21:16:58 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\sss.exe
[2011/02/11 20:44:53 | 001,366,104 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\TDSSKiller.exe
[2011/02/11 19
11 | 000,000,000 | --SD | C] -- C:\nnn
[2011/02/11 19:20:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/11 18:42:35 | 000,000,000 | --SD | C] -- C:\name25970n
[2011/02/11 18:39:54 | 000,000,000 | --SD | C] -- C:\name
[2011/02/11 18:32:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/11 18:32:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/11 18:32:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/11 18:11:51 | 000,000,000 | --SD | C] -- C:\boFix
[2011/02/11 18:07:38 | 000,000,000 | --SD | C] -- C:\Com19216C
[2011/02/11 18:03:50 | 000,000,000 | --SD | C] -- C:\Com
[2011/02/11 17:54:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/11 17:53:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/10 20:47:34 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2011/02/09 16
17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\HiYo
[2011/02/09 13:26:54 | 000,196,096 | ---- | C] (Realtek Corporation ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2011/02/06 15:23:49 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\600mb
[2011/01/26 22:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/01/26 22:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ATI Stream SDK v2
[2011/01/26 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Stream
[2011/01/26 22:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/01/26 22:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/01/26 22:18:46 | 000,480,256 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011/01/26 22:18:46 | 000,203,776 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011/01/26 22:18:46 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/01/26 22:18:46 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/01/26 22:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/01/26 22:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/01/23 13:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2011/01/23 10:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2011/01/18 11:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/01/16 22:32:51 | 000,436,224 | ---- | C] (Orbmu2k) -- C:\Users\Home\Desktop\nvidiaInspector.exe
[2011/01/14 22:51:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/01/14 22:51:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
========== Files - Modified Within 30 Days ==========
[2011/02/11 21:46:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/11 21:16:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\sss.exe
[2011/02/11 21:07:18 | 000,715,686 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/11 21:07:18 | 000,615,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/11 21:07:18 | 000,113,004 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/11 21:01:02 | 000,187,922 | ---- | M] () -- C:\Users\Home\Desktop\OTL.exe
[2011/02/11 20:44:04 | 000,004,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/11 20:44:04 | 000,004,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/11 20:44:04 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/11 20:44:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/11 19
50 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3220FC68-71E6-4C55-A45F-AC908E0369BA}.job
[2011/02/11 18:30:04 | 004,266,810 | R--- | M] () -- C:\Users\Home\Desktop\nnn.exe
[2011/02/11 18:15:00 | 000,721,199 | ---- | M] () -- C:\Users\Home\Desktop\rkill22.exe
[2011/02/10 20:08:12 | 000,624,128 | ---- | M] () -- C:\Users\Home\Desktop\dds.scr
[2011/02/10 20:07:36 | 000,080,384 | ---- | M] () -- C:\Users\Home\Desktop\MBRCheck.exe
[2011/02/10 19:11:10 | 000,296,448 | ---- | M] () -- C:\Users\Home\Desktop\nejoz6n5.exe
[2011/02/10 11:08:26 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\TDSSKiller.exe
[2011/02/09 14:11:46 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/02/09 14:11:46 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/02/09 07:57:49 | 000,327,680 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/02/08 23:18:18 | 000,000,807 | ---- | M] () -- C:\Users\Home\Desktop\CoreTemp.ini
[2011/02/07 19:17:35 | 000,048,128 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/06 08:46:50 | 002,058,240 | ---- | M] () -- C:\Users\Home\Documents\Paper Y Coed.ppt
[2011/02/06 08:46:41 | 004,741,632 | ---- | M] () -- C:\Users\Home\Documents\Papur Y Coed.2ppt.ppt
[2011/02/04 21:05:29 | 001,477,699 | ---- | M] () -- C:\Users\Home\Documents\mae hen wlad fy nhadau.wma
[2011/02/04 20:45:27 | 000,006,204 | ---- | M] () -- C:\Users\Home\Documents\anna's song oh and elen.aup
[2011/01/27 23:44:14 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/01/27 23:44:14 | 000,270,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/01/27 23:42:37 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/01/23 10:23:20 | 000,000,765 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/01/22 12:04:38 | 010,584,064 | ---- | M] () -- C:\Users\Home\Documents\frind gorau mona.pub
[2011/01/22 08:51:14 | 000,000,104 | ---- | M] () -- C:\Users\Home\Desktop\E-mail - Shortcut.lnk
[2011/01/18 22:36:40 | 000,000,135 | ---- | M] () -- C:\Users\Home\AppData\Roaming\default.rss
[2011/01/18 22:36:34 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/01/13 22:23:21 | 000,000,270 | ---- | M] () -- C:\Users\Home\Desktop\MaxxMEM2_preview.cfg
========== Files Created - No Company Name ==========
[2011/02/11 21:01:42 | 000,187,922 | ---- | C] () -- C:\Users\Home\Desktop\OTL.exe
[2011/02/11 18:49:54 | 004,266,810 | R--- | C] () -- C:\Users\Home\Desktop\nnn.exe
[2011/02/11 18:49:50 | 000,721,199 | ---- | C] () -- C:\Users\Home\Desktop\rkill22.exe
[2011/02/11 18:32:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/11 18:32:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/11 18:32:06 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/11 18:32:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/11 18:32:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/10 20:09:17 | 000,624,128 | ---- | C] () -- C:\Users\Home\Desktop\dds.scr
[2011/02/10 20:09:14 | 000,080,384 | ---- | C] () -- C:\Users\Home\Desktop\MBRCheck.exe
[2011/02/10 19:37:49 | 000,296,448 | ---- | C] () -- C:\Users\Home\Desktop\nejoz6n5.exe
[2011/02/09 14:09:56 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011/02/09 14:09:56 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2011/02/06 08:46:41 | 004,741,632 | ---- | C] () -- C:\Users\Home\Documents\Papur Y Coed.2ppt.ppt
[2011/02/04 21:05:29 | 001,477,699 | ---- | C] () -- C:\Users\Home\Documents\mae hen wlad fy nhadau.wma
[2011/01/26 22:18:46 | 000,675,584 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/01/26 22:18:46 | 000,675,584 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/01/26 22:18:46 | 000,226,857 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2011/01/26 22:18:46 | 000,138,384 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2011/01/26 22:18:46 | 000,026,112 | ---- | C] () -- C:\Windows\SysNative\atitmp64.dll
[2011/01/26 22:18:46 | 000,022,280 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/01/26 22:18:46 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/26 22:18:46 | 000,002,975 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2011/01/23 10:23:20 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/01/22 12:04:38 | 010,584,064 | ---- | C] () -- C:\Users\Home\Documents\frind gorau mona.pub
[2011/01/22 08:51:14 | 000,000,104 | ---- | C] () -- C:\Users\Home\Desktop\E-mail - Shortcut.lnk
[2011/01/18 11:55:18 | 000,001,249 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2010/11/10 17:35:02 | 000,357,572 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistMSI4238.txt
[2010/11/10 17:35:02 | 000,011,170 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistUI4238.txt
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/08/29 00:09:20 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/08/21 00:05:02 | 000,418,269 | ---- | C] () -- C:\Users\Home\AppData\Local\Tempsubmit.hwbot
[2010/05/05 22:41:44 | 000,342,006 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistMSI7DD3.txt
[2010/05/05 22:41:44 | 000,011,122 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistUI7DD3.txt
[2010/05/05 21:30:12 | 000,002,551 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wpp.exe
[2010/05/05 21
26 | 000,000,079 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wp4.dat
[2010/05/05 21
26 | 000,000,036 | ---- | C] () -- C:\Users\Home\AppData\Roaming\skynet.dat
[2010/05/05 21
26 | 000,000,002 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wp3.dat
[2010/04/16 18:05:24 | 000,001,648 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d8caps.dat
[2010/03/26 15:46:12 | 000,432,690 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistMSI0A78.txt
[2010/03/26 15:46:12 | 000,011,594 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistUI0A78.txt
[2010/02/08 22:45:20 | 000,000,136 | ---- | C] () -- C:\Windows\SysWow64\cpuz.ini
[2010/01/02 23:30:31 | 000,227,806 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_ATL90SP1_KB973924MSI18CE.txt
[2010/01/02 23:30:31 | 000,011,716 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_ATL90SP1_KB973924UI18CE.txt
[2009/12/30 23:40:01 | 000,430,076 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistMSI35AA.txt
[2009/12/30 23:40:00 | 000,011,410 | ---- | C] () -- C:\Users\Home\AppData\Local\dd_vcredistUI35AA.txt
[2009/12/01 22:17:38 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009/10/27 09:19:49 | 000,000,135 | ---- | C] () -- C:\Users\Home\AppData\Roaming\default.rss
[2009/10/27 09:19:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/10/23 18:20:08 | 000,008,864 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2009/10/18 17:10:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/18 17:10:22 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/18 15:23:22 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009/10/14 16:40:25 | 000,721,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/12 09:39:17 | 000,048,128 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/11 10:16:44 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/10 22:38:17 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\regobj.dll
[2009/10/10 22:34:11 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\YCRWin32.dll
[2009/10/10 21:24:43 | 000,002,916 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps64.dat
[2009/08/02 23
54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/02 23
54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/02 23
54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/02 23
54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/02 23
54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/02 23
54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/02 23
54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/02 23
54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/02 23
52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/02 23
52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[1995/08/20 00:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\PCDLIB32.DLL
========== LOP Check ==========
[2009/10/15 22
47 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.BitTornado
[2009/10/16 12:27:26 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Amazon
[2010/05/05 22:46:53 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ARManager
[2010/01/26 17:58:25 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GameSave Manager
[2010/10/18 23:08:41 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GetRightToGo
[2011/02/09 16
17 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\HiYo
[2010/11/11 17:31:19 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Serif
[2010/11/10 17:26:07 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Sytexis Software
[2010/09/03 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TS3Client
[2011/02/11 19:31:16 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/11 19
50 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3220FC68-71E6-4C55-A45F-AC908E0369BA}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2011/02/11 20:43:57 | 000,046,588 | ---- | M] () -- C:\aaw7boot.log
[2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/10/11 06:17:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/01/22 20:34:44 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2011/02/11 20:43:57 | 311,746,559 | -HS- | M] () -- C:\pagefile.sys
[2011/02/11 21:13:41 | 000,000,442 | ---- | M] () -- C:\rkill.log
[2011/02/11 20:48:00 | 000,112,644 | ---- | M] () -- C:\TDSSKiller.2.4.17.0_11.02.2011_20.45.10_log.txt
< %systemroot%\Fonts\*.com >
[2006/11/02 15:05:44 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 15:05:44 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 15:05:44 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/18 17:17:02 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 21:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/10/18 16:22:34 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/02/08 14:17:24 | 000,000,444 | -HS- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2009/08/05 12:48:06 | 000,378,384 | ---- | M] () -- C:\Users\Home\Desktop\Core Temp.exe
[2010/12/27 12:50:54 | 000,905,056 | ---- | M] (techPowerUp (techPowerUp! - The latest in hardware and gaming)) -- C:\Users\Home\Desktop\GPU-Z.0.5.0.exe
[2010/04/18 18
19 | 001,068,544 | ---- | M] () -- C:\Users\Home\Desktop\MaxxMEM2_preview.exe
[2011/02/10 20:07:36 | 000,080,384 | ---- | M] () -- C:\Users\Home\Desktop\MBRCheck.exe
[2011/02/10 19:11:10 | 000,296,448 | ---- | M] () -- C:\Users\Home\Desktop\nejoz6n5.exe
[2011/02/11 18:30:04 | 004,266,810 | R--- | M] () -- C:\Users\Home\Desktop\nnn.exe
[2011/01/10 13:17:38 | 000,436,224 | ---- | M] (Orbmu2k) -- C:\Users\Home\Desktop\nvidiaInspector.exe
[2011/02/11 21:01:02 | 000,187,922 | ---- | M] () -- C:\Users\Home\Desktop\OTL.exe
[2011/02/11 18:15:00 | 000,721,199 | ---- | M] () -- C:\Users\Home\Desktop\rkill22.exe
[2008/03/26 20:00:46 | 000,024,576 | ---- | M] () -- C:\Users\Home\Desktop\SetLODb6.exe
[2011/02/11 21:16:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\sss.exe
[2011/02/10 11:08:26 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\TDSSKiller.exe
[2007/12/01 02:47:04 | 001,544,192 | ---- | M] (wwwww) -- C:\Users\Home\Desktop\wPrime.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2006/11/02 15:03:11 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2009/10/10 21:24:56 | 000,000,402 | -HS- | M] () -- C:\Users\Home\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 480 bytes -> C:\Users\Home\Documents\CATRIN AMSER..........;..ppp:SummaryInformation
@Alternate Data Stream - 452 bytes -> C:\Users\Home\Documents\mona+catrin.ppp:SummaryInformation
@Alternate Data Stream - 452 bytes -> C:\Users\Home\Documents\catrin pink.ppp:SummaryInformation
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP
FC5A2B2
< End of report >
OTL Extras logfile created on: 11/02/2011 21:17:55 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Home\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.73 Gb Total Space | 90.78 Gb Free Space | 64.96% Space Free | Partition Type: NTFS
Drive D: | 3.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 968.36 Mb Total Space | 936.30 Mb Free Space | 96.69% Space Free | Partition Type: FAT
Drive F: | 586.40 Gb Total Space | 402.50 Gb Free Space | 68.64% Space Free | Partition Type: NTFS
Drive G: | 9.76 Gb Total Space | 9.09 Gb Free Space | 93.14% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 61 C8 D5 27 0F 50 CA 01 [binary data]
"VistaSp2" = 7B 87 50 EC 17 50 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0722E9CD-6D1C-4096-9691-F3DEE785B7D5}" = rport=445 | protocol=6 | dir=out | app=system |
"{0DC40FDF-19D5-4499-92CB-4ED2EB033F78}" = rport=138 | protocol=17 | dir=out | app=system |
"{13BF836D-E8E8-4FEA-BF01-48CFCD365AE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14471BEF-E0C3-48F4-853D-6BADC77469D6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C29AF15-9599-454C-871E-786EF9ECEC86}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2CA48953-1006-4D4F-9723-1EEEC4EB5311}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4454E7A1-2BF1-4C76-8BAF-B1BBE1D8CDED}" = lport=138 | protocol=17 | dir=in | app=system |
"{5157027A-F171-406F-BA4C-259B4571407E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5652DAF1-2BAB-4082-82B1-752B7C1104D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6000C16E-A46A-473B-B269-EDDA766CEE6F}" = rport=137 | protocol=17 | dir=out | app=system |
"{64A26798-42DA-426A-B32D-57D4829AD832}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C843350-5332-48D2-9F41-21956706DE41}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E3F3A2E-32EC-4CC6-A7D5-DEE9992446CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A73D654F-D82F-4CB3-B59C-E843FE17F4BD}" = rport=139 | protocol=6 | dir=out | app=system |
"{C0917018-D610-4E8D-A93D-270CB36859D9}" = lport=445 | protocol=6 | dir=in | app=system |
"{C7C176F6-A918-425F-AD6E-13C021CFBACB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D0B8E101-3901-44BB-8F77-4507143B4EFC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E5A4DD8E-D988-4A30-BE0D-7F2397C1CE6C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F4D67863-8E02-4B82-BF72-5D90AC7B8EDE}" = lport=139 | protocol=6 | dir=in | app=system |
"{FBBD27FB-1310-4405-8CB7-8E0BA85356D3}" = lport=137 | protocol=17 | dir=in | app=system |
"{FBEC8776-0F43-41CA-9F92-265EDD07E01D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F60C8A-8607-4C71-9DBC-80A6D497615B}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\shattered horizon\client_exe\shattered_horizon.exe |
"{0A9A14BF-B18C-422C-84BD-AF3C8DEE6E32}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{0AF90E75-E55E-49AF-A341-0F974A6E3B8B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0B067176-28E8-46E8-A495-244FBF541F74}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0B8C132B-EEB1-41D2-BD69-1DE52EBA5A64}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\temp\installer.exe |
"{0CBE9C8D-F22A-46A5-B0E2-73DFA824B9E1}" = protocol=6 | dir=in | app=f:\program files\electronic arts\battlefield bad company 2 - beta\bfbc2betaupdater.exe |
"{0EC5CA31-630E-4079-BC8C-BB8C823EDFD4}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\fear2\fear2.exe |
"{0F6E59E6-ACAA-41AB-9D6A-312DE60DD1F2}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\shattered horizon\client_exe\shattered_horizon.exe |
"{139EE358-A6BE-4A69-8273-FA992E5A9B90}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{18B5EC77-C0E0-46AA-9B9D-815714662A6D}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\killingfloor\system\k illingfloor.exe |
"{19016171-313F-4500-8375-D4055F4B4C9A}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{1AD4CCE1-2649-45F8-924D-571BE618F00B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{209B7C6E-97D4-40BE-9EDD-E40EF78CD61C}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{26D235CD-4A58-4C51-BF37-3E7FEA1AA300}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2A63AACA-AD3A-43DE-830D-01C910CF1BBB}" = protocol=6 | dir=out | app=system |
"{2B5F82A8-0455-4B76-843D-5F8352154E0A}" = protocol=6 | dir=in | app=f:\program files\steam\steam.exe |
"{2CDE3A97-773A-4177-8631-4ED7CD82E163}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\fear2\fear2.exe |
"{2FCCAF32-2621-489C-898D-73DB4E41FC29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3069E4B9-6616-43FA-8952-E96619163498}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{314734F9-6276-409D-B1F8-22D130047CF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3865E141-85EA-411C-9BA8-57F67B5E5245}" = protocol=17 | dir=in | app=f:\games\battlefield bad company 2\bfbc2updater.exe |
"{3C7CF32D-DA6C-4F75-9F6F-95F3D497D1E3}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{3D366A80-3646-4BD9-AE2E-7501A5AC6CE9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3F1A8512-05EB-413C-B8B0-5948D1C717FC}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{405749AE-0E62-4C73-A95F-52BD7E42F1CE}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{409BE145-A399-4B66-BDE3-8814BC48DCDE}" = protocol=6 | dir=in | app=f:\games\battlefield bad company 2\bfbc2updater.exe |
"{41D659D2-32D4-46C8-823D-C93B417426C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42904717-EDE5-4BDE-81F5-C9490740B206}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dirt 2\dirt2.exe |
"{5BEA0B55-CCC9-4BB4-B10F-1DFBFBA652C6}" = protocol=17 | dir=in | app=f:\program files\grid\grid.exe |
"{646CBCD6-EF38-4351-8020-95C59E9C2C95}" = protocol=17 | dir=in | app=f:\program files\electronic arts\battlefield bad company 2 - beta\bfbc2betaupdater.exe |
"{66385841-150D-4CF6-A6CE-310F89E239DA}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\killingfloor\system\k illingfloor.exe |
"{67077951-F97A-438B-97C6-860A126429B1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6750DFA9-25C6-40C6-B033-289662462F08}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6A8558D7-715A-4D20-BFBF-6C11739D6EED}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\killingfloor\system\k illingfloor.exe |
"{6E2D56B6-C738-4CFA-9AEF-7079959E661E}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\shattered horizon\client_exe\shattered_horizon.exe |
"{6EA6BD30-6A39-4921-B367-A0F4E1AC853C}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{733664C3-7261-4C9F-B198-5C3C99AEB0ED}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{74FE3D64-729C-4442-A6F7-DC3E365B6567}" = protocol=17 | dir=in | app=f:\program files\steam\steam.exe |
"{791FCE06-2551-4BD3-9ED2-F4605A3E93F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EBF0B92-A1C1-4553-9543-1E12248CFA08}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\fear2\fear2.exe |
"{80E869F4-331B-4F63-8D08-9CB0DFA89FC1}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{83102A0E-3602-4499-8907-1D26418FA45C}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{8AA97700-6653-4086-A368-8A0BEEEB2D10}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dirt 2\dirt2.exe |
"{8D7EE2E8-DC29-4FAC-8E42-B34986B6DDD7}" = protocol=17 | dir=in | app=f:\program files\steam\steam.exe |
"{8EC08070-33B6-4F25-9EAE-55D4A987E101}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe |
"{8F6B18BD-F778-448B-A301-E4E1338DDD4D}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{931858EA-157E-43F6-AF6A-1671BD9CC8D0}" = protocol=17 | dir=in | app=f:\games\electronic arts\medal of honor mp open beta\mohmpupdater.exe |
"{96480014-40D6-4256-BA6A-C27E4467F4B0}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{99DF1197-0EBF-4E9E-AEB8-924625DCFBAB}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{9ACBDBD4-C945-47F3-BE9B-61890BDFF6E3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\techland\call of juarez - bound in blood\cojbibgame_x86.exe |
"{9C5F67EF-26B1-40E5-8141-32B52E47CD5F}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{9CB6419D-EDCA-4118-8B12-2D5AAF31A4EE}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\shattered horizon\client_exe\shattered_horizon.exe |
"{A3C0CA1B-DC6F-4800-8D9C-A7C60A47479B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A4B05D62-0957-4461-B695-73B66B5B2578}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\fear2\fear2.exe |
"{AB9714DF-B1CF-4CB4-B4F5-D10072516E58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC97A6E9-B1BE-4F62-8891-F68AFF38784D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AC9D9A21-E1C9-4E0B-A001-5C383672E5FB}" = protocol=6 | dir=in | app=c:\program files (x86)\thomson\st330\service\st330service.exe |
"{B42A9007-3E37-4601-9855-888F81EB2BBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B457A454-BF00-49F9-8765-CACAE4FECE6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B4E80F6F-029C-45F7-9CBA-E55DECC9F60A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B80E04CD-09E1-4013-9BA6-50B12C1DE0EE}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\temp\installer.exe |
"{BDD450EE-1308-490F-B00F-C149D17691D2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C016E2F8-CF58-4916-8DB7-047A3AAF3FF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C2139328-A720-479F-8960-ECD142AEE583}" = protocol=17 | dir=in | app=f:\program files\battlefield2\bf2.exe |
"{C318901A-3883-47A7-9E01-E814D60CF630}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{C594CD97-6779-4807-892D-C0ED4D184E9B}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{D0D12CBC-EE4C-4E25-8038-7A2B73976BA1}" = protocol=6 | dir=in | app=f:\program files\steam\steam.exe |
"{D3FF39F7-6750-4D70-AD93-8AD233FE051D}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{DACD078F-3618-4AC2-8B6B-DAF43A1EE993}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{DAE147EA-707A-4329-946E-5917254CCE88}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{DD7C4B45-76F6-4D6F-B56E-C7E60E1F1FAC}" = protocol=17 | dir=in | app=c:\program files (x86)\thomson\st330\service\st330service.exe |
"{E077B715-AF13-4161-8FBC-1F4DE5B1CC7F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E11CFE63-402F-4D90-93EF-38662D06EC52}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{E2EE86CA-23A4-4482-BE5E-4969A89FC7BE}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\killingfloor\system\k illingfloor.exe |
"{E39E0844-7E56-4B54-8F63-59A310E53088}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E689CFF3-71A9-4329-A2DE-8A2DD34A55E8}" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{EA246E2D-6848-4F4E-9D43-D8574A694393}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{EB91C8D0-CF2C-41D0-8091-81552FDEFBF0}" = protocol=6 | dir=in | app=f:\games\electronic arts\medal of honor mp open beta\mohmpupdater.exe |
"{EBF85CE7-6C6C-41FF-8301-DEB235C6BB3D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EE4C863C-07D7-433D-9A14-86F90186D12B}" = protocol=6 | dir=in | app=f:\program files\grid\grid.exe |
"{EFA0C544-6416-4225-B606-C9B565E6808B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F793C4A1-7A69-459C-96E4-7EC89D5DEE53}" = protocol=6 | dir=in | app=f:\program files\battlefield2\bf2.exe |
"{F8182B18-6861-4865-99C8-C2024A937412}" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{F93E93EC-D3E5-45C2-A8AE-011954BBCA63}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD32491C-D8AC-4117-8698-B50F28B3C586}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{08C6F8E1-559F-4CDF-84B6-71280495F26B}C:\users\home\appdata\roaming\ugsa\uk yk.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\roaming\ugsa\ukyk.exe |
"TCP Query User{0A3197EC-C47D-4472-9CF8-6A9135C72F1E}F:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=f:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{0E477072-9342-40AC-88EE-699470F5B68E}F:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"TCP Query User{1A608789-42D4-45C9-8525-95454DBAA863}C:\users\home\appdata\roaming\ugsa\uk yk.exe" = protocol=6 | dir=in | app=c:\users\home\appdata\roaming\ugsa\ukyk.exe |
"TCP Query User{2F5C39B3-BEA8-42E7-9A9E-26B53C6E32A1}F:\games\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=f:\games\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{3ACFE8B3-9946-4283-AAD2-553C8BC17010}F:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=f:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe |
"TCP Query User{795864E3-DF1D-4F06-99AE-7B5DCF337209}F:\games\electronic arts\medal of honor mp open beta\mohmpgame.exe" = protocol=6 | dir=in | app=f:\games\electronic arts\medal of honor mp open beta\mohmpgame.exe |
"TCP Query User{B27E0487-D660-4B8C-8727-0210DAD64AE2}F:\program files\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe" = protocol=6 | dir=in | app=f:\program files\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe |
"TCP Query User{B453DC57-C688-4CF1-AEB3-A35360CC8383}F:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=f:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{DCC2FEB3-47E5-4960-A52D-F27E7F76CC94}C:\programdata\60180c7\ms6018.exe" = protocol=6 | dir=in | app=c:\programdata\60180c7\ms6018.exe |
"TCP Query User{E6A41733-EDBC-400E-B7ED-B517CD8AC97D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{043204BD-7243-4C4F-815D-A7B004B09EFF}C:\users\home\appdata\roaming\ugsa\uk yk.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\ugsa\ukyk.exe |
"UDP Query User{07E36EA7-8B1C-4EE7-AF3D-319063E96ECF}F:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=f:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{0F2DA761-DF4D-4256-A900-21F1A87529C0}C:\programdata\60180c7\ms6018.exe" = protocol=17 | dir=in | app=c:\programdata\60180c7\ms6018.exe |
"UDP Query User{2AC95AED-32DF-46F2-B956-841FACDAD55B}F:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe |
"UDP Query User{31CD812D-768C-4873-83B2-35B237251072}F:\program files\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe" = protocol=17 | dir=in | app=f:\program files\electronic arts\battlefield bad company 2 - beta\bfbc2game.exe |
"UDP Query User{3D7B507C-99FC-4783-BCDB-9242D1CDACD2}C:\users\home\appdata\roaming\ugsa\uk yk.exe" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\ugsa\ukyk.exe |
"UDP Query User{49BEB0EF-2E2A-417D-AB66-BD60E6D93EA3}F:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=f:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{5884AA8E-E691-4373-8C25-798A250C4B75}F:\games\electronic arts\medal of honor mp open beta\mohmpgame.exe" = protocol=17 | dir=in | app=f:\games\electronic arts\medal of honor mp open beta\mohmpgame.exe |
"UDP Query User{5D8D57B7-828E-406E-8B1D-1DD9FAB39890}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{B9DD8B9C-F75A-480A-A612-29081BA08E1E}F:\games\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=f:\games\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{F539CA08-3667-4479-BDA3-BA114633429C}F:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=f:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{73BA9A8F-6B40-BF79-541E-464156FBA764}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C2E0D3FE-12C4-BF5B-FC4E-052CB8833424}" = AMD Fuel
"{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Defraggler" = Defraggler
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{10f324c7-6374-4475-8834-379cb8a9c9e4}" = Nero 9
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{2F37504B-EBF6-5515-2035-6E7266AE05C5}" = WMV9/VC-1 Video Playback
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4718EA71-CED3-498D-8FA9-34CB830AF2D8}" = PCMark04
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C104E56-A441-429D-A609-D8A46EB92EA1}" = PCMark05
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6331C6C0-3754-E910-7113-5013355C8E47}" = CCC Help English
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FB248E-690D-434F-94A7-248D5F1ECD70}" = AMD OverDrive
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion Utility for Desktops
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95C3927C-C899-C5D8-0EA7-67895FC979B2}" = ccc-core-static
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B210130E-835C-4581-A695-CE10616B8B55}_is1" = Driver Sweeper 2.0.5
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}" = Serif PagePlus Starter Edition
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{ED4B50B7-C06B-57FE-7985-AA83DDBEEEF5}" = Catalyst Control Center Graphics Previews Common
"{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F241EC95-C81A-466E-8006-6B0B364B07A0}" = PCMark Vantage
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"38DFB2FF-77AD-4074-8C1A-AA51C538B68D" = HWBOT Unigine Heaven Benchmark Application
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTornado" = BitTornado 0.3.17
"BTHomeHub" = BTHomeHub
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B3204 85DF8CE.1" = Acrobat.com
"EADM" = EA Download Manager
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"Fraps" = Fraps (remove only)
"Geekbench 2.1" = Geekbench 2.1
"GoToAssist" = GoToAssist Corporate
"InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood
"Magic ISO Maker v5.3 (build 0221)" = Magic ISO Maker v5.3 (build 0221)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"OpenAL" = OpenAL
"OverclockingCenter_is1" = OverclockingCenter
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RivaTuner" = RivaTuner v2.22
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Steam App 400" = Portal
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"VoipOverlay" = VoipOverlay
"Watermark Image_is1" = Watermark Image software version 1.6.9.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works" = Microsoft Works 4.0
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >