Anyways I'll be formatting all the other 3 computers since they have been infected the most unable to surf the internet and they encountering BSODs.
However my desktop is somewhat clean because Microsft Security Essentials detected about 8 viruses and apparently cleaned them. After that I ran a MBAM scan and it cleaned around 6 viruses. The logs are below.
What I want to check now is, is my computer still infected and should I go for a format as well?
Here is teh 1st MBAM Log
Malwarebytes' Anti-Malware 1.44
Database version: 3548
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
1/13/2010 6:09:11 AM
mbam-log-2010-01-13 (06-09-11).txt
Scan type: Full Scan (C:\|)
Objects scanned: 230482
Time elapsed: 3 hour(s), 16 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{23CA5465-7565-4779-8FD1-DA2B461B85E1}\RP134\A0080494.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23CA5465-7565-4779-8FD1-DA2B461B85E1}\RP134\A0080495.vxd (Rogue.sysCleaner) -> Quarantined and deleted successfully.
Here is the log today. Its clean. Also sorry but the first scan is a full scan.
Malwarebytes' Anti-Malware 1.44
Database version: 3548
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
1/15/2010 10:31:11 AM
mbam-log-2010-01-15 (10-31-11).txt
Scan type: Quick Scan
Objects scanned: 107776
Time elapsed: 5 minute(s), 55 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
I read the Malware and Spyware Cleaning Guide cleaned out all the temp files, created a registry backup however I can't run Gmer the program crashes and I get a BSOD. I have no idea why. If there is any fix for this please tell me.
Here is the OTL Log.
Thanks for all the help!
OTL logfile created on: 1/15/2010 10:54:40 AM - Run 1
OTL by OldTimer - Version 3.1.24.1 Folder = C:\Documents and Settings\Althaf Hameez\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 83.47 Gb Free Space | 35.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 119.29 Mb Total Space | 57.35 Mb Free Space | 48.07% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALTHAFH
Current User Name: Althaf Hameez
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/15 10:24:53 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Althaf Hameez\My Documents\Downloads\OTL.exe
PRC - [2010/01/09 20:42:36 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/15 19:15:37 | 00,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/11/18 23:01:20 | 00,163,840 | ---- | M] () -- C:\Program Files\EyeDefender\EyeDefender.exe
PRC - [2009/11/17 01:28:38 | 00,839,168 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/09/06 12:38:06 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/09/01 10:58:03 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/05/16 08:45:52 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009/04/22 17:38:50 | 00,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 17:37:16 | 00,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/02/17 13:20:32 | 17,508,864 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/04/28 06:14:00 | 00,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007/11/26 16:40:38 | 00,413,696 | ---- | M] (Eberhard Werle) -- C:\Program Files\Calibrize\CalibrizeResume.exe
PRC - [2004/08/04 06:26:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/01/15 10:24:53 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Althaf Hameez\My Documents\Downloads\OTL.exe
MOD - [2004/08/04 06:27:02 | 01,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/06 12:38:06 | 00,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/09/01 10:58:03 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/08/23 09:53:29 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/05/16 08:45:52 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/05/15 21:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:2.1
FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.7.20091104
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:2.0.25
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6
FF - prefs.js..extensions.enabledItems: {24d1fe20-76df-11de-8a39-0800200c9a66}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.85
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/09 20:42:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/09 20:42:48 | 00,000,000 | ---D | M]
[2009/07/08 21:46:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Extensions
[2010/01/13 17:55:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions
[2009/12/11 18:32:55 | 00,000,000 | ---D | M] (ANTHEM) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2009/07/24 22:16:11 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{24d1fe20-76df-11de-8a39-0800200c9a66}
[2009/09/26 20:56:25 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2009/11/05 21:47:29 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/11 18:32:58 | 00,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/12/11 18:33:01 | 00,000,000 | ---D | M] (Google Redesigned) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/01/08 20:16:19 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/07 22:52:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\[email protected]
[2009/07/10 13:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\[email protected]
[2009/11/07 22:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Profiles\71z2tuv2.default\extensions\yetanothersmoothscrolling@kataho
[2010/01/13 17:55:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/08 22:25:27 | 00,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/12/18 06:01:54 | 00,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [CalibrizeResume] C:\Program Files\Calibrize\CalibrizeResume.exe (Eberhard Werle)
O4 - HKCU..\Run: [CGFLoader] C:\Program Files\Calibrize\CalibrizeLoader.exe (Colorjinn)
O4 - HKCU..\Run: [EyeDefender] C:\Program Files\EyeDefender\EyeDefender.exe ()
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [TransBar] C:\Documents and Settings\Althaf Hameez\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe (AKSoftware)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Althaf Hameez\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/08 20:48:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\AutoRun\command - "" = F:\e9naq.exe -- File not found
O33 - MountPoints2\{3dd696f0-f935-11de-9b30-001fd008249b}\Shell\open\Command - "" = F:\e9naq.exe -- File not found
O33 - MountPoints2\{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\AutoRun\command - "" = wscript.exe bit2008_BEST4EVER.VBS
O33 - MountPoints2\{79ce9b86-e962-11de-9afc-001fd008249b}\Shell\open\Command - "" = wscript.exe bit2008_BEST4EVER.VBS
O33 - MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\Shell\AutoplaY\cOmmAnd - "" = fbyd.pif
O33 - MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\Shell\AutoRun\command - "" = fbyd.pif
O33 - MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\Shell\eXPlOre\COmmANd - "" = fbyd.pif
O33 - MountPoints2\{c0b1c833-6c68-11de-833d-001fd008249b}\Shell\Open\CoMmAnd - "" = fbyd.pif
O33 - MountPoints2\{d9af201d-915d-11de-99f6-001fd008249b}\Shell\AutoRun\command - "" = wscript.exe bit2008_BEST4EVER.VBS
O33 - MountPoints2\{d9af201d-915d-11de-99f6-001fd008249b}\Shell\open\Command - "" = wscript.exe bit2008_BEST4EVER.VBS
O33 - MountPoints2\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\Shell\AutoRun\command - "" = F:\8xcrbho6.exe -- File not found
O33 - MountPoints2\{e12d5f4a-b0d0-11de-9a53-001fd008249b}\Shell\open\Command - "" = F:\8xcrbho6.exe -- File not found
O33 - MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\AutoRun\command - "" = F:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\ExploRE\CoMmaNd - "" = F:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\{e6457012-76b9-11de-9664-001fd008249b}\Shell\OPeN\commAnd - "" = F:\tmp.folder\restore.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Install.bat -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\I\Shell\configure\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\I\Shell\install\command - "" = I:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/07/09 01:51:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765225245048832)
========== Files/Folders - Created Within 14 Days ==========
[2010/01/15 10:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/01/15 10:37:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/15 10:37:02 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/14 20:42:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/01/14 20:40:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Althaf Hameez\Application Data\GlarySoft
[2010/01/14 20:36:09 | 00,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2010/01/14 19:11:39 | 00,286,720 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun503.exe
[2010/01/14 19:11:37 | 00,000,000 | ---D | C] -- C:\Program Files\TEKKEN 3
[2010/01/14 13:13:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Althaf Hameez\Desktop\Automobile
[2009/08/26 13:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/17 17:26:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2009/08/17 16:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2009/07/08 20:51:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/08 20:48:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/08 20:48:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
========== Files - Modified Within 14 Days ==========
[2010/01/15 10:50:26 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{05907B57-49A5-43FD-A1AD-E45FD3B73D3F}.job
[2010/01/15 10:48:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/15 10:47:39 | 00,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/01/15 10:47:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/15 10:47:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/15 10:34:12 | 06,553,600 | -H-- | M] () -- C:\Documents and Settings\Althaf Hameez\NTUSER.DAT
[2010/01/15 10:34:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Althaf Hameez\ntuser.ini
[2010/01/14 20:36:17 | 00,000,675 | ---- | M] () -- C:\Documents and Settings\Althaf Hameez\Desktop\Glary Utilities.lnk
[2010/01/14 19:19:25 | 11,230,294 | -H-- | M] () -- C:\Documents and Settings\Althaf Hameez\Local Settings\Application Data\IconCache.db
[2010/01/14 19:11:31 | 00,286,720 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun503.exe
[2010/01/14 13:11:32 | 07,730,800 | ---- | M] () -- C:\Documents and Settings\Althaf Hameez\Desktop\attachments_2010_01_14.zip
[2010/01/12 22:13:11 | 00,000,280 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Free Edition.job
[2010/01/10 20:50:39 | 00,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/01/10 19:59:12 | 01,183,744 | ---- | M] () -- C:\Documents and Settings\Althaf Hameez\My Documents\Bank.accdb
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2010/01/14 20:36:19 | 00,000,328 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/01/14 20:36:17 | 00,000,675 | ---- | C] () -- C:\Documents and Settings\Althaf Hameez\Desktop\Glary Utilities.lnk
[2010/01/14 13:08:47 | 07,730,800 | ---- | C] () -- C:\Documents and Settings\Althaf Hameez\Desktop\attachments_2010_01_14.zip
[2010/01/12 22:09:03 | 00,000,280 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Free Edition.job
[2009/12/17 20:29:42 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/12/07 16:27:39 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/12/01 01:03:46 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/10/18 07:42:47 | 00,000,096 | ---- | C] () -- C:\WINDOWS\System32\WinShake.ini
[2009/10/10 21:27:42 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\klif.sys
[2009/09/26 22:55:18 | 00,569,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/26 19:16:41 | 00,000,111 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/09/11 20:44:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/01 10:59:33 | 00,139,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/08/19 13:25:53 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/08/19 13:25:53 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/20 17:41:22 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2009/07/15 19:33:21 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/07/10 14:11:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\windowfx3.ini
[2009/07/10 14:10:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\windowfx2.ini
[2009/07/09 21:58:34 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Althaf Hameez\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 00:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/06/06 18:13:06 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2004/07/17 17:06:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
========== LOP Check ==========
[2009/08/19 14:01:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/08/13 15:10:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2009/07/15 21:39:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2009/11/11 18:08:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Amazon
[2009/12/04 21:39:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Any Audio Converter
[2009/12/02 20:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Any Video Converter
[2009/11/01 07:22:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Auslogics
[2009/12/07 16:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Canneverbe_Limited
[2009/08/19 14:01:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\DAEMON Tools Pro
[2009/09/10 18:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Flickroom.7F2D43979C1E442A06B65B60EA738890E1A9A99A.1
[2009/07/08 22:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Foxit
[2010/01/14 20:40:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\GlarySoft
[2009/08/26 11:21:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\GrabPro
[2009/07/30 19:53:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\ImgBurn
[2009/10/25 10:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\InfraRecorder
[2009/07/08 22:16:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\IObit
[2009/08/23 19:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\IrfanView
[2009/08/14 23:09:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\JGoodies
[2009/08/13 15:10:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Locktime
[2009/08/19 06:22:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\MechCAD
[2009/11/20 09:54:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\OpenDNS Updater
[2009/12/07 21:07:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Orbit
[2009/09/05 23:06:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Rainmeter
[2009/11/21 16:27:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\runic games
[2009/07/26 14:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\Spesoft Text To MP3
[2009/11/12 22:15:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\TeraCopy
[2010/01/15 10:45:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Althaf Hameez\Application Data\uTorrent
[2010/01/15 10:47:39 | 00,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/01/12 22:13:11 | 00,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Free Edition.job
[2010/01/15 10:50:26 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{05907B57-49A5-43FD-A1AD-E45FD3B73D3F}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 00,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: AGP440.SYS >
[2004/08/04 06:35:44 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 00:06:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 06:35:44 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 00:10:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 04:29:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 06:26:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 06:26:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/07 00:16:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004/08/04 06:26:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 06:26:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 06:26:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 06:26:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 05:42:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/05/16 09:09:20 | 00,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >
OTL Extras logfile created on: 1/15/2010 10:54:40 AM - Run 1
OTL by OldTimer - Version 3.1.24.1 Folder = C:\Documents and Settings\Althaf Hameez\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 83.47 Gb Free Space | 35.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 119.29 Mb Total Space | 57.35 Mb Free Space | 48.07% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALTHAFH
Current User Name: Althaf Hameez
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"80:TCP" = 80:TCP:*:Enabled:89
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe" = C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe" = C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed -- ()
"C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe" = C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War -- (Epic Games, Inc.)
"C:\Program Files\CrossLoop\CrossLoopConnect.exe" = C:\Program Files\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing -- (CrossLoop)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Activision\Prototype\prototypef.exe" = C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype -- (Activision)
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Documents and Settings\Althaf Hameez\My Documents\Downloads\fre_wxp_x86_en\binfre_wxp_x86_en\zsserver.exe" = C:\Documents and Settings\Althaf Hameez\My Documents\Downloads\fre_wxp_x86_en\binfre_wxp_x86_en\zsserver.exe:*:Enabled:ZoneOS ZoneScreen wizard -- (ZoneOS)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Althaf Hameez\Desktop\L4D2\Left 4 Dead 2\left4dead2.exe" = C:\Documents and Settings\Althaf Hameez\Desktop\L4D2\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2 -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E3CCCDC-3BB2-B5D5-A547-5F157E1BADB8}" = Catalyst Control Center Core Implementation
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{131C976E-E991-40FA-163F-B29022346F01}" = CCC Help English
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 17
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java SE Development Kit 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{48EB0E22-B055-44B5-B566-057F145CB7E7}" = ManicTime
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5A53992C-48D6-D4DB-75A7-5D13388DAB9A}" = ccc-core-static
"{5D8D5D01-4BF1-4524-B4D6-54A35E7140CC}" = Jazler Radio II
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AE858CD-7AD6-D9E6-627E-E452A71896E7}" = Catalyst Control Center Graphics Full Existing
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8BC8DA36-302D-14FA-55AE-5CAAF1CA4F25}" = Catalyst Control Center Graphics Light
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A44C8D37-B36B-D378-2201-97137494E339}" = ccc-utility
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B07DF6E6-9ECA-47F3-9B04-614DDFF34804}" = Fusion
"{B0D108B8-E6D7-8021-742D-165BA1802C6F}" = Flickroom
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB37C263-9B7F-6A1C-A1B8-333C3FB80614}" = ccc-core-preinstall
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DE5CD0E9-9296-788D-F082-54454791A65E}" = Catalyst Control Center Graphics Previews Common
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EBB15EA8-B7CF-E90C-B977-18777AFC63F0}" = Catalyst Control Center HydraVision Full
"{EC27630A-EAFB-AB2A-56CC-7F5189845D85}" = Catalyst Control Center Graphics Full New
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"Any Audio Converter_is1" = Any Audio Converter 2.0.3
"Any Video Converter_is1" = Any Video Converter 2.7.7
"ATI Display Driver" = ATI Display Driver
"Atomic RAR Password Recovery_is1" = Atomic RAR Password Recovery 1.20
"Audacity_is1" = Audacity 1.2.6
"Calibrize_is1" = Calibrize 2.0
"CDisplay_is1" = CDisplay 1.8
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CrossLoop_is1" = CrossLoop 2.51
"Crysis WARHEAD®" = Crysis WARHEAD®
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Everything" = Everything 1.2.1.371
"Flickroom.7F2D43979C1E442A06B65B60EA738890E1A9A99A.1" = Flickroom
"Foxit Reader" = Foxit Reader
"Glary Utilities_is1" = Glary Utilities Pro 2.18.0.786
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype
"IrfanView" = IrfanView (remove only)
"JDiskReport 1.3.1" = JGoodies JDiskReport 1.3.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"mIRC" = mIRC
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"OpenDNS Updater" = OpenDNS Updater 2.2
"Orbit_is1" = Orbit Downloader
"PowerISO" = PowerISO
"PRJPRO" = Microsoft Office Project Professional 2007
"Product_Name" = TEKKEN 3
"Rainmeter" = Rainmeter (remove only)
"Recuva" = Recuva (remove only)
"RocketDock_is1" = RocketDock 1.3.5
"Runic Games Torchlight" = Torchlight
"ScanModule V5.1" = ScanModule V5.1
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"SopCast" = SopCast 3.2.4
"Speccy" = Speccy
"Spesoft Text To MP3 Speaker_is1" = Spesoft Text To MP3 Speaker 1.00
"SShockDeinstallKey" = System Shock2
"StepMania" = StepMania (remove only)
"TeraCopy_is1" = TeraCopy 2.01
"ViGlance" = ViGlance
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.0.0
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WindowFX" = WindowFX
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EyeDefender" = EyeDefender 1.08
"TransBar" = TransBar
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Application Detect
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/27/2009 11:39:21 AM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =
Error - 9/4/2009 12:11:29 AM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =
Error - 9/19/2009 11:19:01 PM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =
Error - 10/4/2009 6:29:24 AM | Computer Name = ALTHAFH | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,
Error - 10/4/2009 6:29:24 AM | Computer Name = ALTHAFH | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,
Error - 10/12/2009 9:54:47 AM | Computer Name = ALTHAFH | Source = WindowsLiveMessenger | ID = 15728647
Description =
Error - 10/21/2009 1:46:57 AM | Computer Name = ALTHAFH | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module , version 0.0.0.0, fault address 0x00000000.
Error - 10/21/2009 1:47:03 AM | Computer Name = ALTHAFH | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Error - 10/31/2009 9:27:10 AM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =
Error - 10/31/2009 10:34:14 PM | Computer Name = ALTHAFH | Source = Application Error | ID = 1000
Description = Faulting application registration.exe, version 1.0.0.54, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.
[ Application Events ]
Error - 8/27/2009 11:39:21 AM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =
Error - 9/4/2009 12:11:29 AM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =
Error - 9/19/2009 11:19:01 PM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =
Error - 10/4/2009 6:29:24 AM | Computer Name = ALTHAFH | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,
Error - 10/4/2009 6:29:24 AM | Computer Name = ALTHAFH | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,
Error - 10/12/2009 9:54:47 AM | Computer Name = ALTHAFH | Source = WindowsLiveMessenger | ID = 15728647
Description =
Error - 10/21/2009 1:46:57 AM | Computer Name = ALTHAFH | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module , version 0.0.0.0, fault address 0x00000000.
Error - 10/21/2009 1:47:03 AM | Computer Name = ALTHAFH | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Error - 10/31/2009 9:27:10 AM | Computer Name = ALTHAFH | Source = Windows Live Messenger | ID = 1000
Description =
Error - 10/31/2009 10:34:14 PM | Computer Name = ALTHAFH | Source = Application Error | ID = 1000
Description = Faulting application registration.exe, version 1.0.0.54, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.
[ System Events ]
Error - 1/15/2010 1:02:37 AM | Computer Name = ALTHAFH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 1/15/2010 1:02:37 AM | Computer Name = ALTHAFH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 1/15/2010 1:03:05 AM | Computer Name = ALTHAFH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 1/15/2010 1:03:39 AM | Computer Name = ALTHAFH | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).
Error - 1/15/2010 1:03:39 AM | Computer Name = ALTHAFH | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.
Error - 1/15/2010 1:03:39 AM | Computer Name = ALTHAFH | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).
Error - 1/15/2010 1:03:39 AM | Computer Name = ALTHAFH | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 1/15/2010 1:03:39 AM | Computer Name = ALTHAFH | Source = Service Control Manager | ID = 7034
Description = The NMSAccessU service terminated unexpectedly. It has done this
1 time(s).
Error - 1/15/2010 1:03:39 AM | Computer Name = ALTHAFH | Source = Service Control Manager | ID = 7034
Description = The LogMeIn Hamachi 2.0 Tunneling Engine service terminated unexpectedly.
It has done this 1 time(s).
Error - 1/15/2010 1:18:00 AM | Computer Name = ALTHAFH | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >