
Windows Vista Ultimate x64 'hangs' without a reason [Solved]



#1
Zantetsuken

Hello everybody!

First of all, I'd like to thank you in advance for reading. I've been reading this forum for a time, and it really helped me solve a lot of problems I've run into in my computer, and others'. Second, I am not a native English speaker, so my writing might be a bit off; please bear with me if I make a mistake in my writing. Any correction will be gladly taken.

I'm an advanced user, self-taught as most of you, but this time I've met my match in a problem with my OS which I can't seem to find a solution for.

I installed Windows Vista Ultimate x64 back in April, after a long debate with myself and colleagues about its advantages. I had this problem once, a week after installing this OS, but it disappeared after some weeks. Now it's back, and it's been with me for more than a month, and I cannot, for the life of me, find a solution.

I've posted in the Windows Vista and Windows 7 forum, and I've been told to follow these instructions, then post here. This is the original thread I created there.

Here are the logs from MBAM and OTL. I cannot provide a log for RootRepeal, as it does not work on x64 systems.

Malwarebytes' Anti-Malware 1.40
Database version: 2583
Windows 6.0.6002 Service Pack 2

8/9/2009 2:30:24 AM
mbam-log-2009-08-09 (02-30-13).txt

Scan type: Quick Scan
Objects scanned: 74990
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


********************************************************************************************************

OTL logfile created on: 8/9/2009 2:34:46 AM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Users\Tomás Hearne\Desktop\Fixing
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 68.76% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 24.70 Gb Free Space | 25.29% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 243.76 Gb Free Space | 52.34% Space Free | Partition Type: NTFS
Drive E: | 88.65 Gb Total Space | 13.93 Gb Free Space | 15.71% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOVALITH
Current User Name: Tomás Hearne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/06/06 11:51:15 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/08/04 07:44:09 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/08/09 02:33:41 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Tomás Hearne\Desktop\Fixing\6-OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 23:50:23 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt [On_Demand | Stopped])
SRV:64bit: - [2009/04/11 00:11:16 | 00,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService [Disabled | Stopped])
SRV:64bit: - [2008/11/22 15:12:56 | 01,969,944 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV:64bit: - [2009/05/14 15:54:26 | 00,023,296 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV:64bit: - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn [Auto | Running])
SRV:64bit: - [2008/02/19 09:12:32 | 00,565,928 | ---- | M] ( ) -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device [Disabled | Stopped])
SRV:64bit: - [2008/03/10 00:08:42 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe -- (mi-raysat_3dsMax2009_64 [Disabled | Stopped])
SRV:64bit: - [2009/04/11 00:11:28 | 00,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService [On_Demand | Stopped])
SRV:64bit: - [2008/01/20 23:49:28 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\svchost.exe -- (usprserv [On_Demand | Stopped])
SRV:64bit: - [2009/04/11 00:11:06 | 01,149,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine [On_Demand | Stopped])
SRV:64bit: - [2008/01/20 23:46:39 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [On_Demand | Stopped])
SRV:64bit: - [2008/01/20 23:51:24 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/06/06 11:51:15 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2009/03/29 21:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/29 21:39:56 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/01/20 23:50:39 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 23:50:39 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 12:03:44 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [On_Demand | Stopped])
SRV - [2009/04/28 10:01:44 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - [2009/02/18 11:40:06 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/03 14:53:32 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [Disabled | Stopped])
SRV - [2009/02/18 11:39:12 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2006/11/02 06:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Stopped])
SRV - [2008/02/19 09:12:18 | 00,537,256 | ---- | M] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe -- (lxbk_device [Disabled | Stopped])
SRV - [2006/11/02 10:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2009/04/10 23:28:24 | 00,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service [Disabled | Stopped])
SRV - [2006/11/02 03:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 03:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 36 A5 AF 44 15 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 09:56:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/08/04 07:44:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/08/04 07:44:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2009/06/27 10:37:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2009/06/02 21:22:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/04/05 20:30:52 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Extensions
[2009/04/05 20:30:52 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/08 22:04:59 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\f6i4u7ia.default\extensions
[2009/06/25 02:56:17 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\f6i4u7ia.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/27 10:53:22 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\f6i4u7ia.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/06/04 02:10:17 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\f6i4u7ia.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/07/01 00:07:16 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\f6i4u7ia.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/04/05 21:03:33 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\f6i4u7ia.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/08/08 22:04:52 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\f6i4u7ia.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/01 00:07:15 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\f6i4u7ia.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/04/28 18:37:05 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\f6i4u7ia.default\extensions\[email protected]
[2009/04/05 20:43:09 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\f6i4u7ia.default\extensions\[email protected]
[2009/04/05 20:43:09 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\f6i4u7ia.default\extensions\temp
[2009/04/05 20:30:52 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\weqt8nar.default\extensions
[2009/04/05 15:15:29 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\mozilla\Firefox\Profiles\zilxttpf.default\extensions
[2009/08/08 22:04:59 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/08/04 07:44:10 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/06 10:59:51 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2009/04/06 11:32:09 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/04 07:44:08 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 07:44:08 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/02/24 16:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll
[2009/04/06 11:31:27 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/02/24 16:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll
[2009/02/24 16:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/04 07:44:09 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/06/02 21:22:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/06/02 21:22:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/02 21:22:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/02 21:22:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/02 21:22:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/02 21:22:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/02 21:22:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2009/03/03 14:53:32 | 00,109,420 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll
[2009/02/24 16:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll
[2009/06/30 13:34:11 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/30 13:34:11 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/06/30 13:34:11 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/30 13:34:11 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/06/30 13:34:11 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/06/30 13:34:11 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/30 13:34:11 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1395 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.49.130.28 200.49.130.29 200.49.130.34 172.20.2.26
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/10 21:38:34 | 26,766,06976 | ---- | M] () - D:\Autodesk 3D Max 2009.iso -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs:64bit: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs:64bit: Ias - Service key not found. File not found
NetSvcs:64bit: Irmon - Service key not found. File not found
NetSvcs:64bit: Nla - Service key not found. File not found
NetSvcs:64bit: Ntmssvc - Service key not found. File not found
NetSvcs:64bit: NWCWorkstation - Service key not found. File not found
NetSvcs:64bit: Nwsapagent - Service key not found. File not found
NetSvcs:64bit: SRService - Service key not found. File not found
NetSvcs:64bit: Wmi - Service key not found. File not found
NetSvcs:64bit: WmdmPmSp - Service key not found. File not found
NetSvcs:64bit: LogonHours - Service key not found. File not found
NetSvcs:64bit: PCAudit - Service key not found. File not found
NetSvcs:64bit: helpsvc - Service key not found. File not found
NetSvcs:64bit: uploadmgr - Service key not found. File not found
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/08/09 02:26:30 | 00,000,000 | ---D | C] -- C:\Users\Tomás Hearne\AppData\Roaming\Malwarebytes
[2009/08/09 02:26:29 | 00,000,873 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/09 02:26:26 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/08/09 02:26:24 | 00,022,040 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/08/09 02:26:24 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/09 02:26:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/08/09 02:24:21 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/09 02:23:37 | 00,000,770 | ---- | C] () -- C:\Users\Tomás Hearne\Desktop\NTREGOPT.lnk
[2009/08/09 02:23:37 | 00,000,751 | ---- | C] () -- C:\Users\Tomás Hearne\Desktop\ERUNT.lnk
[2009/08/09 02:23:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/08/09 02:21:13 | 00,000,000 | ---D | C] -- C:\Users\Tomás Hearne\Desktop\Fixing
[2009/08/08 22:52:14 | 00,000,000 | ---D | C] -- C:\Users\Tomás Hearne\Documents\Eidos
[2009/08/08 19:13:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2009/08/07 17:41:57 | 00,000,000 | ---D | C] -- C:\Users\Tomás Hearne\AppData\Local\Deployment
[2009/08/05 08:39:13 | 02,512,227 | -H-- | C] () -- C:\Users\Tomás Hearne\AppData\Local\IconCache.db
[2009/07/31 23:31:55 | 00,000,000 | ---D | C] -- C:\Users\Tomás Hearne\AppData\Roaming\avidemux
[2009/07/31 23:29:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Avidemux 2.5
[2009/07/28 17:17:06 | 00,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2009/07/28 17:17:06 | 00,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2009/07/28 00:51:49 | 00,000,000 | ---D | C] -- C:\Users\Tomás Hearne\AppData\Roaming\teamspeak2
[2009/07/28 00:51:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Teamspeak2_RC2

========== Files - Modified Within 14 Days ==========

[2009/08/09 02:26:29 | 00,000,873 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/09 02:24:45 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/08/09 02:24:45 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/08/09 02:24:45 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/08/09 02:23:37 | 00,000,770 | ---- | M] () -- C:\Users\Tomás Hearne\Desktop\NTREGOPT.lnk
[2009/08/09 02:23:37 | 00,000,751 | ---- | M] () -- C:\Users\Tomás Hearne\Desktop\ERUNT.lnk
[2009/08/09 02:18:29 | 00,033,544 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/08/09 02:18:29 | 00,033,544 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/08/09 02:18:23 | 00,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/09 02:18:22 | 00,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/09 02:18:18 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/09 02:18:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/09 02:17:29 | 02,512,227 | -H-- | M] () -- C:\Users\Tomás Hearne\AppData\Local\IconCache.db
[2009/08/08 10:27:22 | 00,086,528 | ---- | M] () -- C:\Users\Tomás Hearne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 15:37:56 | 00,001,197 | ---- | M] () -- C:\Users\Tomás Hearne\AppData\Roaming\MPQEditor.ini
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/08/03 13:36:08 | 00,022,040 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== LOP Check ==========

[2009/08/09 02:26:30 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming
[2009/06/11 02:26:24 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\ACD Systems
[2009/06/06 11:57:21 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\Autodesk
[2009/07/31 23:32:38 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\avidemux
[2009/06/24 18:33:36 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\Bioshock
[2009/04/08 20:39:01 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\BSplayer PRO
[2009/04/05 23:55:43 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\Crayon Physics Deluxe
[2009/04/06 11:50:07 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\DAEMON Tools Pro
[2009/08/07 21:51:43 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\FileZilla
[2009/04/18 16:05:24 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\FOG Downloader
[2006/11/02 12:06:33 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\Media Center Programs
[2009/04/05 23:55:47 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\My Battle for Middle-earth™ II Files
[2009/04/05 23:55:50 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\Red Alert 3
[2009/04/05 23:55:51 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\Red Alert 3 Uprising
[2009/06/05 19:24:52 | 00,000,000 | RH-D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\SecuROM
[2009/07/28 00:51:50 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\teamspeak2
[2009/04/16 01:33:46 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\The Creative Assembly
[2009/04/05 20:46:25 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\Thunderbird
[2009/04/05 23:55:52 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\Ubisoft
[2009/08/08 16:29:51 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\uTorrent
[2009/04/05 23:55:53 | 00,000,000 | ---D | M] -- C:\Users\Tomás Hearne\AppData\Roaming\Ventrilo
[2009/08/09 02:18:18 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/09 02:17:33 | 00,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
< End of report >


********************************************************************************************************

OTL Extras logfile created on: 8/9/2009 2:34:46 AM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Users\Tomás Hearne\Desktop\Fixing
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 68.76% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.66 Gb Total Space | 24.70 Gb Free Space | 25.29% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 243.76 Gb Free Space | 52.34% Space Free | Partition Type: NTFS
Drive E: | 88.65 Gb Total Space | 13.93 Gb Free Space | 15.71% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOVALITH
Current User Name: Tomás Hearne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 49 F6 0C 84 E1 04 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-261884010-4272485715-4081032941-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23B523C2-0B5C-4EBE-BFDC-B92DDAD9CA8E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{AA32A0F3-5B7E-43DA-AE3F-C7034F099174}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DBE305A4-D4E2-475B-89D5-DBB7D34AB67A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0429ECB5-263D-4A04-89D7-2E4CD8425FF9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{050002A7-8431-4BDE-B719-7AAF17CEEAC5}" = protocol=17 | dir=in | app=d:\capcom\street fighter iv\streetfighteriv.exe |
"{067D3C93-653D-46B8-AC4A-4CA1EB365C43}" = protocol=6 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"{06866CD0-4871-448A-849B-586D7353D674}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0A31212B-9FEA-450A-98FB-26E7AABB7BFB}" = protocol=6 | dir=in | app=f:\software\utorrent.exe |
"{11B5E2C2-2F1D-48EF-BAFD-504A2D5F143E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{2A2A7DF8-6445-4C11-B822-9C39E9E09A55}" = protocol=6 | dir=in | app=d:\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"{2B3D3AA7-CE1A-4BFA-AFBD-37572558A792}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{2DE14011-DACF-4FEE-8ED0-C2EB9BACDD0C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2EBEDDF4-8216-427F-960A-35E0BC866D4A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{31C2DFC2-982A-482D-BB2E-D86C7B36D6F6}" = protocol=6 | dir=in | app=c:\users\tomás hearne\downloads\utorrent.exe |
"{3F811D4F-7E87-4AC3-924D-82F67D7E8E39}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia\prince of persia.exe |
"{5188D044-EEB8-44D2-8ABD-C14D6941EF41}" = protocol=6 | dir=in | app=d:\capcom\street fighter iv\streetfighteriv.exe |
"{56B4888A-F2AD-4116-B4A4-E012729D2706}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{58433DBD-ABA5-4D59-ACB9-DF975BAE0193}" = protocol=6 | dir=in | app=c:\users\tomás hearne\downloads\utorrent.exe |
"{5CDA1EED-0471-467A-99A4-0394F7BF9968}" = protocol=17 | dir=in | app=d:\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{5E27DF15-D04B-4E53-902F-D875CB3D96AC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{688B7D0D-2FA1-4F26-A4E4-12C678B0B591}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia\princeofpersia_launcher.exe |
"{71143385-70AE-4344-B9F0-8DBD7BA18336}" = protocol=17 | dir=in | app=d:\world of warcraft\backgrounddownloader.exe |
"{7E60BB1E-4657-4A13-ACF0-0078FFC92DD3}" = protocol=17 | dir=in | app=d:\activision\prototype\prototypef.exe |
"{7E81EDA7-B2FA-49F6-BF40-4EC90381C478}" = protocol=17 | dir=in | app=d:\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"{7FBA271D-B3F0-4B0A-9FBD-AE1F0B43C835}" = protocol=6 | dir=in | app=d:\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{80DDB918-5F29-4B81-824E-74AB5957A6D0}" = protocol=17 | dir=in | app=d:\codemasters\grid\grid.exe |
"{86B8BDB4-9F11-4BB7-82B7-F4B5A5E9FAE1}" = protocol=17 | dir=in | app=c:\users\tomás hearne\downloads\utorrent.exe |
"{8B35FDAF-04BC-4559-98D2-16890B4BF7E7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{8B5D587E-F96A-430F-9632-3BDA871B23B9}" = protocol=6 | dir=in | app=d:\activision\prototype\prototypef.exe |
"{9324733C-C0C7-4F9F-870D-2805F0C06018}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{94541A0A-0C0D-466E-9F87-F615BE93DEB4}" = protocol=17 | dir=in | app=c:\users\tomás hearne\downloads\utorrent.exe |
"{9456F038-DA1F-466C-8DB3-2E569DC9D88F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{98AFB639-D714-423C-B9D8-5F451871F287}" = protocol=17 | dir=in | app=f:\software\utorrent.exe |
"{9C8010F1-B32C-429E-8AF9-53A044E1E2D9}" = protocol=17 | dir=in | app=d:\ubisoft\prince of persia\princeofpersia_launcher.exe |
"{9D8B76CF-54F4-44C7-8CF5-12E5D651B770}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A1ABF3D2-24B8-469A-BBE9-C3B7A2B8CADC}" = protocol=6 | dir=in | app=d:\mass effect\binaries\masseffect.exe |
"{A59D0CED-3A3F-4BC8-A0BF-C132F06F399C}" = protocol=6 | dir=in | app=d:\mass effect\masseffectlauncher.exe |
"{A8363FF1-B5C8-43E0-B46F-034BC27E338C}" = protocol=17 | dir=in | app=d:\stardock games\sins of a solar empire\sins of a solar empire.exe |
"{A93C5913-954C-4C1E-A066-E7352832DE02}" = protocol=6 | dir=in | app=c:\users\tomás hearne\downloads\utorrent.exe |
"{B26EDB1F-C3A0-43A5-BC8F-774352A60DA1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B2DB3D8B-1D69-4204-B7F8-A92FB7CCC359}" = protocol=17 | dir=in | app=d:\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"{B791935B-2EEA-47E7-81D1-174D79CA3324}" = protocol=6 | dir=in | app=d:\ubisoft\prince of persia\prince of persia.exe |
"{BF6E9750-4831-4692-B5E2-55C0E4C6CD15}" = protocol=17 | dir=in | app=c:\users\tomás hearne\downloads\utorrent.exe |
"{CDCAE810-3D89-467F-BA41-9FC76A2791B9}" = protocol=17 | dir=in | app=d:\mass effect\masseffectlauncher.exe |
"{D2B744F9-796D-403F-A7F2-026DC91A54A2}" = protocol=17 | dir=in | app=d:\mass effect\binaries\masseffect.exe |
"{D38DFAF8-FCB6-4C83-AB29-F9EA11271E01}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{DA879995-1B04-46C8-AF4A-0B87FA8B8DF9}" = protocol=6 | dir=in | app=d:\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{E0713CCE-C4AA-4B64-811C-6D746F911FB4}" = protocol=6 | dir=in | app=d:\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"{F2F8CC05-8BD1-4857-81E2-1F1A6DE0C809}" = protocol=6 | dir=in | app=d:\codemasters\grid\grid.exe |
"{FA2EB90A-F901-4094-8C4D-D6A4F701B649}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"TCP Query User{06EBA126-3ACD-4BEC-97B0-ABD918D0838D}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"TCP Query User{0D3FC11C-CA55-4A17-80C2-2482D514DC98}E:\software\http file server\hfs.exe" = protocol=6 | dir=in | app=e:\software\http file server\hfs.exe |
"TCP Query User{161A611E-E00E-4B9C-87C7-6EB5EC39CB04}E:\software\http file server\hfs.exe" = protocol=6 | dir=in | app=e:\software\http file server\hfs.exe |
"TCP Query User{29008BB6-B428-46F0-BBC3-CE74F4EDB168}D:\s4 league\s4client.exe" = protocol=6 | dir=in | app=d:\s4 league\s4client.exe |
"TCP Query User{32913570-7A68-44F2-8895-88C1203CF24D}D:\s4 league\s4client.exe" = protocol=6 | dir=in | app=d:\s4 league\s4client.exe |
"TCP Query User{42DD5761-EDC1-42D1-B429-C895A09A014D}D:\world of warcraft\curse\curseclient.exe" = protocol=6 | dir=in | app=d:\world of warcraft\curse\curseclient.exe |
"TCP Query User{48BAA9DB-084B-4044-B742-BEEF910DF518}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{54CFFD72-4EA9-44AC-8277-0C81C8EACB80}D:\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=d:\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{63821264-2B80-43EB-8E48-BADD1E36AA8D}D:\codemasters\grid\grid.exe" = protocol=6 | dir=in | app=d:\codemasters\grid\grid.exe |
"TCP Query User{7D53767D-71FF-4527-AFB4-492B0EA9C780}D:\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe" = protocol=6 | dir=in | app=d:\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"TCP Query User{B3C648C9-AD19-46BE-9F88-97C7F3B8BFBB}D:\world of warcraft\curse\curseclient.exe" = protocol=6 | dir=in | app=d:\world of warcraft\curse\curseclient.exe |
"TCP Query User{B3E46E25-A10B-4D76-841D-C2420536C157}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{C8221C8C-6BDB-4B2A-B0C6-90D483313801}D:\eidos\battlestations pacific\bsp.exe" = protocol=6 | dir=in | app=d:\eidos\battlestations pacific\bsp.exe |
"TCP Query User{DDAABD53-977C-45BF-BD58-CDA2BED40D3F}D:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft\launcher.exe |
"TCP Query User{E672ADF6-3895-4BF5-B658-AFABE860F9D3}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{EF33D45E-410F-459B-A85C-F13323414B8A}D:\world of warcraft\repair.exe" = protocol=6 | dir=in | app=d:\world of warcraft\repair.exe |
"TCP Query User{F013C344-DF26-4A4F-ABB6-AEC161382E98}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{F8E5E56C-8F84-4D78-8C58-884A6D24BAD7}C:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe |
"TCP Query User{FA075F9C-B358-47D9-A732-5F66F41048BD}D:\eidos\battlestations pacific\bsp.exe" = protocol=6 | dir=in | app=d:\eidos\battlestations pacific\bsp.exe |
"UDP Query User{035B8DC1-3491-4C11-9100-6C4632C164AB}E:\software\http file server\hfs.exe" = protocol=17 | dir=in | app=e:\software\http file server\hfs.exe |
"UDP Query User{0BA29927-603E-42A3-AE10-BE8157F525D0}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{1A1DADC0-77CC-4173-AB94-2478858C1EDF}D:\s4 league\s4client.exe" = protocol=17 | dir=in | app=d:\s4 league\s4client.exe |
"UDP Query User{3E66F321-39D8-405D-9E23-AFEA362B7E91}D:\world of warcraft\curse\curseclient.exe" = protocol=17 | dir=in | app=d:\world of warcraft\curse\curseclient.exe |
"UDP Query User{40DF09C7-6A63-4E7D-9C0B-E428BA6E3BD6}D:\codemasters\grid\grid.exe" = protocol=17 | dir=in | app=d:\codemasters\grid\grid.exe |
"UDP Query User{4500DB54-034A-441E-970A-7B5BBB71ED7A}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{4ADBEDED-EB6A-44B9-81F6-A44C63CC5F7C}D:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft\launcher.exe |
"UDP Query User{50364C34-2841-4096-98CE-DC52B90CCCA5}D:\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=d:\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{51167B41-C83C-43E2-87B4-1086D057AE85}D:\world of warcraft\curse\curseclient.exe" = protocol=17 | dir=in | app=d:\world of warcraft\curse\curseclient.exe |
"UDP Query User{51E5CE41-AC4B-4044-BFC7-176D99F9EE9A}C:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe after effects cs3\support files\afterfx.exe |
"UDP Query User{53F3AF94-4D3A-42E8-AA66-4E90B1F99C0C}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{54C70671-957D-4005-8777-56F52660BFFB}D:\eidos\battlestations pacific\bsp.exe" = protocol=17 | dir=in | app=d:\eidos\battlestations pacific\bsp.exe |
"UDP Query User{5C97866F-94F7-457B-B933-3C89EF160383}E:\software\http file server\hfs.exe" = protocol=17 | dir=in | app=e:\software\http file server\hfs.exe |
"UDP Query User{86A13277-00E0-44E7-9FFF-457BCFAE6840}D:\eidos\battlestations pacific\bsp.exe" = protocol=17 | dir=in | app=d:\eidos\battlestations pacific\bsp.exe |
"UDP Query User{923436A3-6DF3-4BD1-80BA-B813E36A4E98}D:\world of warcraft\repair.exe" = protocol=17 | dir=in | app=d:\world of warcraft\repair.exe |
"UDP Query User{A60E44CF-3FC6-4086-A15F-4A00A125E742}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"UDP Query User{AC9A1094-9720-4D47-8989-2235B944A717}D:\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe" = protocol=17 | dir=in | app=d:\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |
"UDP Query User{CE984E8E-E8F3-4977-88BD-AC828C2AF4E3}D:\s4 league\s4client.exe" = protocol=17 | dir=in | app=d:\s4 league\s4client.exe |
"UDP Query User{F9C976C3-6B13-490C-B63D-87E98433073C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{155AB5E8-9913-0409-A7E7-D076DDE2AA6C}" = Autodesk 3ds Max 2009 64-bit Architectural Materials Library
"{5BD1364B-58D6-0409-8633-9B8E8D0AD52F}" = Autodesk 3ds Max 2009 64-bit ProMaterials™ Library
"{66F644DA-4ED8-4D03-83D2-A7156AA562BC}" = ESET NOD32 Antivirus
"{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{94C747AB-9FE2-48B5-AC78-2E70C5CDB951}" = Diskeeper 2009 Pro Premier
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AE303591-1BFC-48B3-881B-655298C4EDE0}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7D0751A-3F16-0409-9F9B-FF3DC390F139}" = Autodesk 3ds Max 2009 64-bit Vault 2008 Plug-In
"{CD853BA5-AA85-0409-85DC-A805D779DCA8}" = Autodesk 3ds Max 2009 64-bit Additional Maps and Material Libraries
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EC2280DF-BBAF-0409-9359-BCCD15545FFB}" = Autodesk 3ds Max 2009 64-bit
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{FA3E35E2-F088-0409-A563-C96430FF73F6}" = Autodesk 3ds Max 2009 64-bit Vault 2009 Plug-In
"FBX Plugin 2009.0 for Max 2009 64" = FBX Plugin 2009.0 for Max 2009 64
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}" = ACDSee Pro 2.5
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007 (Beta)
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3A1B1652-D70A-4D19-981E-BB15D0DBF253}" = Ghostbusters ™: The Video Game
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57EF5EE1-E32B-4EDE-9D50-3A82126800EE}" = Batman: Arkham Asylum Demo
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{69EA986B-B172-4FAA-B54D-853BD3A2B264}" = Popcap Game Collection
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}" = Orca
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0C0A-1000-0000000FF1CE}_ENTERPRISE_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2770F50-89C7-433E-8E19-7148B21172EB}" = RESIDENT EVIL 5 Benchmark Version
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBAB6D5D-1DD4-4D46-B5D9-121DCAB17DEC}" = Battlestations: Pacific
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}" = Command & Conquer™ Red Alert™ 3 Uprising
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Ares" = Ares 2.1.1
"ATITool" = ATITool Overclocking Utility
"Avidemux 2.5" = Avidemux 2.5
"BSPlayerp" = BS.Player PRO
"CCleaner" = CCleaner (remove only)
"CDisplayEx_is1" = CDisplayEx 1.4
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.2.6.1
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"Mabinogi" = Mabinogi
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"MSI Live Update 3" = MSI Live Update 3
"Nero8WinuE_is1" = Nero 8.3.2.1
"NTREGOPT_is1" = NTREGOPT 1.1j
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"RADVideo" = RAD Video Tools
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empirev1.15" = Sins of a Solar Empire
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trapcode 3DStroke" = Trapcode 3DStroke
"Trapcode Form" = Trapcode Form
"Trapcode Shine" = Trapcode Shine
"Trapcode Starglow" = Trapcode Starglow
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Music Player Ex" = Music Player Ex
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/7/2009 7:39:47 PM | Computer Name = Novalith | Source = Perflib | ID = 1008
Description =

Error - 8/8/2009 12:15:58 AM | Computer Name = Novalith | Source = Application Error | ID = 1000
Description = Faulting application WSCommCntr1.exe, version 17.2.56.0, time stamp
0x47ae919f, faulting module WSCommCntr1.exe, version 17.2.56.0, time stamp 0x47ae919f,
exception code 0xc0000005, fault offset 0x000000000000c8ac, process id 0xed8, application
start time 0x01ca17bc491b605a.

Error - 8/8/2009 10:05:41 AM | Computer Name = Novalith | Source = WinMgmt | ID = 10
Description =

Error - 8/8/2009 3:03:32 PM | Computer Name = Novalith | Source = WinMgmt | ID = 10
Description =

Error - 8/8/2009 6:16:25 PM | Computer Name = Novalith | Source = System Restore | ID = 8193
Description =

Error - 8/8/2009 6:47:21 PM | Computer Name = Novalith | Source = WinMgmt | ID = 10
Description =

Error - 8/8/2009 9:06:00 PM | Computer Name = Novalith | Source = WinMgmt | ID = 10
Description =

Error - 8/8/2009 11:52:07 PM | Computer Name = Novalith | Source = Perflib | ID = 1010
Description =

Error - 8/8/2009 11:52:08 PM | Computer Name = Novalith | Source = Perflib | ID = 1008
Description =

Error - 8/9/2009 1:19:56 AM | Computer Name = Novalith | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 4/13/2009 10:19:55 PM | Computer Name = Novalith | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 4/13/2009 10:19:59 PM | Computer Name = Novalith | Source = volmgr | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/13/2009 10:20:28 PM | Computer Name = Novalith | Source = HTTP | ID = 15016
Description =

Error - 4/13/2009 11:35:26 PM | Computer Name = Novalith | Source = DCOM | ID = 10005
Description =

Error - 4/13/2009 11:35:26 PM | Computer Name = Novalith | Source = Service Control Manager | ID = 7009
Description =

Error - 4/13/2009 11:35:26 PM | Computer Name = Novalith | Source = Service Control Manager | ID = 7000
Description =

Error - 4/14/2009 12:36:53 AM | Computer Name = Novalith | Source = Service Control Manager | ID = 7034
Description =

Error - 4/14/2009 12:37:07 AM | Computer Name = Novalith | Source = Service Control Manager | ID = 7031
Description =

Error - 4/14/2009 12:37:27 AM | Computer Name = Novalith | Source = Service Control Manager | ID = 7034
Description =

Error - 4/14/2009 12:37:54 AM | Computer Name = Novalith | Source = Service Control Manager | ID = 7031
Description =


< End of report >

********************************************************************************************************

And that's all. Quite a long log.

I hope it serves for something. If you require additional information, I'd be more than happy to provide it.
Anything to solve this thing.

Thanks in advance, and again, please excuse my lack of English knowledge.

Edited by Zantetsuken, 11 August 2009 - 12:21 PM.

  • 0


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Zantetsuken,

Welcome back to the Malware Forum.

Now it looks as if the Malwarebytes scan didn't fix what it found.

Please update it and carry out another scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Post the log back here.
  • 0

#3
Zantetsuken

    Member

  • Topic Starter
  • Member
  • 12 posts

Hello Zantetsuken,

Welcome back to the Malware Forum.
Now it looks as if the Malwarebytes scan didn't fix what it found.
Please update it and carry out another scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Post the log back here.

Thanks for the answer. Here's the log:

Malwarebytes' Anti-Malware 1.40
Database version: 2617
Windows 6.0.6002 Service Pack 2

8/13/2009 6:50:25 PM
mbam-log-2009-08-13 (18-50-25).txt

Scan type: Quick Scan
Objects scanned: 76290
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

***********************************************************

I'd like to add something: The error I've been experiencing, this lockup, has been occurring more frequently than before.
But I found something new, that might help:

When the computer starts to hang, as described above, when I press Ctrl + Alt + Del nothing happens, but after a while, the screen turns black and the following dialog appears:

"Logon process has failed to create the security options dialog"
"Failure - Security"

I hope it gives insight to what's happening. I just cannot understand.
  • 0

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

"Logon process has failed to create the security options dialog"


I am wondering whether this is caused by Windows Defender.

How to turn Windows Defender on or off

Applies to all editions of Windows Vista.

1. Open Windows Defender by clicking the Start button, clicking All Programs, and then clicking Windows Defender.

2. Click Tools, and then click Options.

3. Under Administrator options, select or clear the Use Windows Defender check box, and then click Save.

Administrator permission required. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Another option might be to update it:

http://www.microsoft...;displaylang=en

Try turning it off first and see if that makes a difference.

Let me know how you get on.
  • 0

#5
Zantetsuken

    Member

  • Topic Starter
  • Member
  • 12 posts
I already had the Windows Defender service disabled, a long time ago, so that's not a problem.
  • 0

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I already had the Windows Defender service disabled, a long time ago, so that's not a problem.


May come back to that if we don't find something else causing it. It might be that even when disabled an out of date Windows Defender can cause problems.

For now

Let's try this one.

It is a pretty big download at 28 MB but is very useful at detecting\cleaning rootkits or whatever it finds.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the Delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file, name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#7
Zantetsuken

    Member

  • Topic Starter
  • Member
  • 12 posts
First of all, thanks again for the answer. Second, sorry for the delay.

As I explained before, I received an error message ("Logon process has failed to create the security options dialog"), and searching Google and this forum about it, I believe I've found a solution in a post made in this forum here at GeeksToGo.

From what I could gather, it's a very rare error, and it's triggered by many different things. I've tried some of the ones posted in another forum, but when I tried the one this guy posted in the GeeksToGo forums, it seemed to work.
I disabled SuperFetch.

I've left my computer running since last Thursday, and it didn't hang up even once. Before I disabled SuperFetch, it would generally hang up from 2 to 24 hours of being on, no exceptions. Now it's been running top-notch ever since, so I'll continue testing if this was the problem.

My guess is that it's not SuperFetch's fault, I really doubt that feature would cause something like this, but I believe it may have corrupted data somehow, so after a few days of no-errors, I will turn it on again, having reset its files, and see if this happens again.

Nevertheless, I will follow the steps you just posted to make sure it wasn't something else, then I'll post back here.

Thanks again!
  • 0

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

My guess is that it's not SuperFetch's fault, I really doubt that feature would cause something like this, but I believe it may have corrupted data somehow, so after a few days of no-errors, I will turn it on again, having reset its files, and see if this happens again.


Yes, as far as I know there are no problems associated with SuperFetch.

You can go to the link below for an explanation of SuperFetch.

Just scroll down until you find the heading SuperFetch

http://en.wikipedia..../O_technologies

This Microsoft page also talks about SuperFetch.

http://www.microsoft...erformance.aspx

Have you tried repairing Vista to see if any corrupted files can be replaced?

You might find the link below helpful in carrying out an Automatic repair.

Go to Vista Automatic Repair for information on how to repair/restore your computer.

Meanwhile I look forward to seeing the Kaspersky AVP results. :)
  • 0

#9
Zantetsuken

    Member

  • Topic Starter
  • Member
  • 12 posts
Kaspersky didn't detect anything, after all the scans...
  • 0

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Zantetsuken,

I think your machine is clean.

If your machine is still experiencing problems you could open a topic in the Vista forum here. If you do, be sure to tell them you have been here.

Now

We have a couple of last steps to perform and then you're all set.

Please go here to download OTC.

Run this program to remove the tools we have been using.

You will be asked to reboot the machine to finish the Cleanup process choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility, for some though, it may be a useful backup program to hold on to. The Kaspersky AVP folder can be deleted if it is still there.

Next, we need to clean your restore points and set a new one:

Reset and Re-enable your System Restore in Vista to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • Click on the Start button to open your Start Menu.
  • Click on the Control Panel menu option.
  • Click on the System and Maintenance menu option.
  • Click on the System menu option.
  • Click on System Protection in the left-hand task list.
  • Click on the System Protection tab.
  • Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
  • When you uncheck a disk you will be presented with a screen; click on the Turn System Protection Off button.
  • Press the Apply button and then the OK button.

2. Restart your computer.

3. Turn ON System Restore.
  • Click on the Start button to open your Start Menu.
  • Click on the Control Panel menu option.
  • Click on the System and Maintenance menu option.
  • Click on the System menu option.
  • Click on System Protection in the left-hand task list.
  • Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
  • Click Apply, and then click OK.

System Restore will now be active again.

-------------------------------------------------------------------------------------------------------------------

A reminder now: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that you are clean here are some things I think are worth having a look at:

---------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:

--------------------------------------------------------------------------------------------------------------------

A great way to check that your Microsoft and Java have the latest updates is to go to Software Inspector at Secunia.

I do this weekly. Not only do they tell you which programs need updating but they give you the link to follow.

To bolster your security go to Secunia.com to ensure essential programs are up to date.

---------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is more secure than Internet Explorer. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

-----------------------------------------------------------------------------------------------------------------------

If your Microsoft Update is not working automatically, keep your operating system up to date by visiting Microsoft Windows Update monthly.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!
  • 0
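As an added example (not part of the original post or of the MVPS project), the HOSTS-file blocking described in the post above can be audited with a short Python script that lists which names a HOSTS file blocks and which it sends to some other address. The sample file and its domain names are constructed, and treating 0.0.0.0 as a blocking address alongside the 127.0.0.1 the post mentions is an assumption.

```python
import ipaddress

# Constructed sample in HOSTS-file format; the domain names are
# placeholders, not entries taken from the MVPS list.
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed for this example)
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.com tracker.example.com   # two names on one line
0.0.0.0     banner.example.net
203.0.113.7 update.example.org   # mapped to a non-local address
not-an-ip   broken.example.com
"""


def parse_hosts(text):
    """Return (address, hostname) pairs from HOSTS-file text.

    Comments and blank lines are skipped, names are lower-cased, and a
    line whose first field is not a valid IP address is ignored.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line
        for name in fields[1:]:
            entries.append((addr, name.lower()))
    return entries


def classify(entries):
    """Split names into blocked ones and ones redirected elsewhere.

    blocked:    mapped to a loopback address or to 0.0.0.0 / :: (assumption)
    redirected: mapped to any other address; worth a manual look, since
                a blocking list only needs local addresses.
    The usual "localhost" self-mapping is left out of both.
    """
    blocked, redirected = set(), {}
    for addr, name in entries:
        if name == "localhost":
            continue
        if addr.is_loopback or addr.is_unspecified:
            blocked.add(name)
        else:
            redirected[name] = str(addr)
    return blocked, redirected


def is_blocked(hostname, entries):
    """True if the HOSTS entries map hostname to a local address."""
    blocked, _ = classify(entries)
    return hostname.lower() in blocked


if __name__ == "__main__":
    blocked, redirected = classify(parse_hosts(SAMPLE_HOSTS))
    print("blocked:", sorted(blocked))
    print("redirected:", redirected)
```

On a real machine, read the file with `open(r"C:\Windows\System32\drivers\etc\hosts").read()` and pass the text to `parse_hosts`.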

#11
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





