Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Suspect a Keylogger or similar [Solved]


  • This topic is locked This topic is locked

#1
Ultramag

Ultramag

    New Member

  • Member
  • Pip
  • 4 posts
Hey Guy's,
I recently built a new system and suspect i have picked up a keylogger or something along those lines,
my internet speeds have dropped after i had my account hacked on WoW and then connection went a bit down the pan dispite the hardware.
I've ran Malware-bytes several times now and its come up with nothing everytime, I use Avast anti-virus as my main anti-virus software and neither have picked up anything out of the ordinary.
My system specs are Windows7 64bit and im running an up to date system.

Enclosed are the Malware-bytes and OTL logs, GMER wouldnt save anything into the file for some reason, when i clicked scan it said "C:\Windows\system32\config\system: The system cannot find the file specified" i tryed installing it a few times too..

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4152

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29/05/2010 00:39:01
mbam-log-2010-05-29 (00-39-01).txt

Scan type: Quick scan
Objects scanned: 116421
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 31/05/2010 23:59:39 - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\Harry Tozer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 76.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 389.10 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
Drive D: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 7.52 Gb Total Space | 3.53 Gb Free Space | 46.99% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASUSPRO
Current User Name: Harry Tozer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/31 23:51:13 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Harry Tozer\Desktop\OTL.exe
PRC - [2010/05/31 05:45:00 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/05/25 22:26:19 | 000,395,048 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2010/05/25 22:24:57 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/05/06 21:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/04/08 09:14:20 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010/01/27 01:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/09/25 22:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/09/05 02:13:34 | 001,576,960 | ---- | M] (Edimax Technology Co.) -- C:\Program Files (x86)\Edimax\Common\RaUI.exe
PRC - [2009/08/19 12:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/07/14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Edimax\Common\RaRegistry.exe
PRC - [2009/03/24 12:36:36 | 000,319,488 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe


========== Modules (SafeList) ==========

MOD - [2010/05/31 23:51:13 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Harry Tozer\Desktop\OTL.exe
MOD - [2009/07/14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/28 21:43:49 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/05/06 21:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/04/07 03:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 02:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 02:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 02:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 02:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 02:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 02:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/14 02:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 02:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 02:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 02:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 02:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 02:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 02:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 02:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 02:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010/05/25 22:26:19 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/08/19 12:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/07/14 21:53:32 | 000,211,232 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009/07/14 21:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Edimax\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/07/14 04:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 04:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 21:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/03/24 12:36:36 | 000,319,488 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\CONFIG\DVMExportService.exe -- (MDES)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/06 21:39:27 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/05/06 21:39:06 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/05/06 21:34:30 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/05/06 21:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/05/06 21:33:50 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/04/07 03:44:06 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/07 02:23:30 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/11 11:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/09/26 07:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/09/25 22:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/09/25 22:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/04 17:49:28 | 000,718,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/07/16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/14 02:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/14 02:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/14 02:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/14 02:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/14 02:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/14 01:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/14 01:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/14 01:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/14 01:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/14 01:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/14 01:07:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:64bit: - [2009/07/14 01:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/14 01:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/14 01:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/14 01:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/14 01:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/14 01:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/14 01:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/14 01:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/14 01:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/14 00:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/14 00:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/14 00:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/14 00:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/14 00:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/14 00:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/14 00:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 10:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/08/04 03:28:28 | 000,013,440 | R--- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 22:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 22:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 AC 18 56 39 FC CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/29 08:54:47 | 000,000,048 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{8900cb84-685a-11df-a5f1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8900cb84-685a-11df-a5f1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2008/08/29 08:54:44 | 001,407,832 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/14 04:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/31 23:51:12 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Harry Tozer\Desktop\OTL.exe
[2010/05/31 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/05/31 17:28:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/05/31 05:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/05/31 05:44:36 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Roaming\uTorrent
[2010/05/31 05:37:33 | 000,000,000 | ---D | C] -- C:\jm
[2010/05/29 22:32:19 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Local\Diagnostics
[2010/05/29 04:22:36 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Roaming\Registry Mechanic
[2010/05/29 00:35:14 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Roaming\Malwarebytes
[2010/05/29 00:34:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/29 00:34:45 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/29 00:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/29 00:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/29 00:32:22 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2010/05/29 00:32:22 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2010/05/29 00:32:22 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2010/05/29 00:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/05/29 00:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/05/29 00:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2010/05/28 21:43:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/05/28 21:43:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/05/28 16:19:26 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Roaming\Apple Computer
[2010/05/28 16:19:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/05/28 16:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/28 16:19:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/05/28 16:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/28 16:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/05/28 16:18:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/05/28 16:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/05/28 16:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/05/28 16:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/28 16:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/28 16:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/05/28 16:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/05/28 16:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/05/28 04:12:00 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Local\ElevatedDiagnostics
[2010/05/28 02:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2010/05/26 17:59:15 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Local\Deployment
[2010/05/26 17:59:15 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Local\Apps
[2010/05/26 12:11:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010/05/26 12:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2010/05/26 12:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/05/26 12:11:18 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/05/26 12:11:17 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/05/26 12:11:17 | 000,133,632 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/05/26 12:11:17 | 000,110,592 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/05/26 12:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010/05/26 10:05:34 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/05/26 03:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/05/26 03:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/05/26 03:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/26 03:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/05/26 03:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/05/26 02:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2010/05/26 02:10:12 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\Documents\My Games
[2010/05/26 02:09:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/05/26 02:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/05/26 01:23:22 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\Quartz
[2010/05/26 01:06:59 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/05/26 01:06:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/26 00:57:19 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Roaming\Macromedia
[2010/05/26 00:57:18 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Roaming\Adobe
[2010/05/26 00:57:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/05/26 00:48:18 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Local\Blizzard Entertainment
[2010/05/25 22:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/05/25 22:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/05/25 21:08:14 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Local\Microsoft Games
[2010/05/25 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010/05/25 19:46:28 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\Documents\My Received Files
[2010/05/25 19:43:56 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\Tracing
[2010/05/25 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/05/25 19:43:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/05/25 19:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/05/25 19:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/05/25 19:42:09 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/05/25 19:41:49 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/05/25 19:41:48 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/05/25 19:41:47 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/05/25 19:41:45 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/05/25 19:41:41 | 000,063,568 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/05/25 19:40:54 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/05/25 19:40:54 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010/05/25 19:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/05/25 19:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/25 19:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/05/25 19:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010/05/25 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Roaming\ATI
[2010/05/25 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Local\ATI
[2010/05/25 19:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/05/25 19:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010/05/25 19:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010/05/25 19:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010/05/25 19:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010/05/25 19:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/05/25 19:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/05/25 19:13:26 | 000,000,000 | ---D | C] -- C:\ATI
[2010/05/25 19:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2010/05/25 18:58:00 | 000,305,152 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2010/05/25 18:57:59 | 000,718,848 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys
[2010/05/25 18:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Edimax Driver
[2010/05/25 18:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2010/05/25 18:57:48 | 002,056,192 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll
[2010/05/25 18:57:48 | 001,597,440 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RaCertMgr.dll
[2010/05/25 18:57:48 | 001,050,624 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll
[2010/05/25 18:57:48 | 001,050,624 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll
[2010/05/25 18:57:48 | 000,104,448 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll
[2010/05/25 18:57:48 | 000,104,448 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll
[2010/05/25 18:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Edimax
[2010/05/25 18:57:38 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Roaming\InstallShield
[2010/05/25 18:41:04 | 000,000,000 | -H-D | C] -- C:\ASUS.SYS
[2010/05/25 18:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Express Gate
[2010/05/25 18:41:03 | 000,000,000 | -H-D | C] -- C:\temp
[2010/05/25 18:41:03 | 000,000,000 | -H-D | C] -- C:\dvmexp
[2010/05/25 18:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2010/05/25 18:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2010/05/25 18:39:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/05/25 18:39:22 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Local\Downloaded Installations
[2010/05/25 18:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2010/05/25 18:37:37 | 000,000,000 | ---D | C] -- C:\Windows\AsusInstAll
[2010/05/25 18:37:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010/05/25 18:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/05/25 18:37:23 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010/05/25 18:37:22 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010/05/25 18:37:22 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010/05/25 18:37:22 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010/05/25 18:37:20 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010/05/25 18:37:20 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010/05/25 18:37:20 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010/05/25 18:37:20 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010/05/25 18:37:19 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010/05/25 18:37:19 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010/05/25 18:37:17 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010/05/25 18:37:16 | 000,309,760 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010/05/25 18:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010/05/25 18:37:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010/05/25 18:37:04 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010/05/25 18:37:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010/05/25 18:36:32 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/25 18:33:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/05/25 18:33:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2010/05/25 18:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/05/25 18:09:16 | 000,000,000 | R--D | C] -- C:\Users\Harry Tozer\Searches
[2010/05/25 18:09:08 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Roaming\Identities
[2010/05/25 18:09:07 | 000,000,000 | R--D | C] -- C:\Users\Harry Tozer\Contacts
[2010/05/25 18:09:06 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Local\VirtualStore
[2010/05/25 18:08:58 | 000,000,000 | --SD | C] -- C:\Users\Harry Tozer\AppData\Roaming\Microsoft
[2010/05/25 18:08:58 | 000,000,000 | R--D | C] -- C:\Users\Harry Tozer\Videos
[2010/05/25 18:08:58 | 000,000,000 | R--D | C] -- C:\Users\Harry Tozer\Saved Games
[2010/05/25 18:08:58 | 000,000,000 | R--D | C] -- C:\Users\Harry Tozer\Pictures
[2010/05/25 18:08:58 | 000,000,000 | R--D | C] -- C:\Users\Harry Tozer\Music
[2010/05/25 18:08:58 | 000,000,000 | R--D | C] -- C:\Users\Harry Tozer\Links
[2010/05/25 18:08:58 | 000,000,000 | R--D | C] -- C:\Users\Harry Tozer\Favorites
[2010/05/25 18:08:58 | 000,000,000 | R--D | C] -- C:\Users\Harry Tozer\Downloads
[2010/05/25 18:08:58 | 000,000,000 | R--D | C] -- C:\Users\Harry Tozer\My Documents
[2010/05/25 18:08:58 | 000,000,000 | R--D | C] -- C:\Users\Harry Tozer\Desktop
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\AppData\Local\Temporary Internet Files
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\Templates
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\Start Menu
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\SendTo
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\Recent
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\PrintHood
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\NetHood
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\Documents\My Videos
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\Documents\My Pictures
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\Documents\My Music
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\My Documents
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\Local Settings
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\AppData\Local\History
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\Cookies
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\Application Data
[2010/05/25 18:08:58 | 000,000,000 | -HSD | C] -- C:\Users\Harry Tozer\AppData\Local\Application Data
[2010/05/25 18:08:58 | 000,000,000 | -H-D | C] -- C:\Users\Harry Tozer\AppData
[2010/05/25 18:08:58 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Local\Temp
[2010/05/25 18:08:58 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Local\Microsoft
[2010/05/25 18:08:58 | 000,000,000 | ---D | C] -- C:\Users\Harry Tozer\AppData\Roaming\Media Center Programs
[2010/05/25 18:08:52 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/05/25 18:08:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/04/07 03:13:00 | 000,455,168 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010/04/07 03:12:18 | 000,202,752 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010/04/07 03:10:56 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/04/07 03:10:40 | 000,421,376 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2010/04/07 03:10:32 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/04/07 03:10:18 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/04/07 03:10:12 | 000,012,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/04/07 03:10:08 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010/04/07 03:10:00 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/04/07 02:46:50 | 000,055,296 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010/03/09 11:21:42 | 000,123,408 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys

========== Files - Modified Within 90 Days ==========

[2010/06/01 00:00:50 | 001,048,576 | -HS- | M] () -- C:\Users\Harry Tozer\NTUSER.DAT
[2010/05/31 23:57:02 | 000,293,376 | ---- | M] () -- C:\Users\Harry Tozer\Desktop\gmer.exe
[2010/05/31 23:56:48 | 000,284,915 | ---- | M] () -- C:\Users\Harry Tozer\Desktop\gmer.zip
[2010/05/31 23:51:13 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Harry Tozer\Desktop\OTL.exe
[2010/05/31 22:33:23 | 000,001,338 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/05/31 19:02:46 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/05/31 18:59:41 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/31 18:59:41 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/31 18:58:24 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/31 18:58:24 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/31 18:58:24 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/31 18:52:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/31 18:52:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/31 18:52:12 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/31 18:50:40 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
[2010/05/31 18:50:35 | 002,332,795 | -H-- | M] () -- C:\Users\Harry Tozer\AppData\Local\IconCache.db
[2010/05/31 18:44:55 | 386,076,704 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/27 21:42:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010/05/26 12:11:18 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010/05/26 12:11:17 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010/05/26 12:11:17 | 000,133,632 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010/05/26 12:11:17 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010/05/26 09:10:06 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/26 01:09:26 | 000,041,962 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/05/26 01:09:26 | 000,041,962 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/05/25 19:48:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/05/25 19:41:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/05/25 19:15:49 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/05/25 18:58:08 | 000,001,986 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
[2010/05/25 18:57:39 | 000,000,437 | ---- | M] () -- C:\Windows\win.ini
[2010/05/25 18:54:00 | 000,057,560 | ---- | M] () -- C:\Users\Harry Tozer\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/25 18:41:49 | 000,024,193 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2010/05/25 18:41:41 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2010/05/25 18:41:18 | 000,035,222 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2010/05/25 18:40:32 | 000,000,670 | ---- | M] () -- C:\Windows\setup.iss
[2010/05/25 18:10:36 | 000,524,288 | -HS- | M] () -- C:\Users\Harry Tozer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/25 18:10:36 | 000,524,288 | -HS- | M] () -- C:\Users\Harry Tozer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/25 18:10:36 | 000,065,536 | -HS- | M] () -- C:\Users\Harry Tozer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/25 18:08:58 | 000,000,020 | -HS- | M] () -- C:\Users\Harry Tozer\ntuser.ini
[2010/05/06 21:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\avastSS.scr
[2010/05/06 21:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/05/06 21:39:27 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/05/06 21:39:06 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/05/06 21:34:30 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/05/06 21:34:14 | 000,063,568 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/05/06 21:33:50 | 000,022,096 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/07 03:16:34 | 000,038,400 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/04/07 03:13:00 | 000,455,168 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2010/04/07 03:12:18 | 000,202,752 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2010/04/07 03:10:56 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2010/04/07 03:10:40 | 000,421,376 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2010/04/07 03:10:32 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2010/04/07 03:10:18 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll
[2010/04/07 03:10:12 | 000,012,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2010/04/07 03:10:08 | 000,059,392 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2010/04/07 03:10:00 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2010/04/07 02:46:50 | 000,055,296 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2010/04/07 02:25:00 | 000,515,424 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/04/07 02:20:44 | 000,515,424 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/04/02 17:17:34 | 000,179,091 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/04/02 17:09:08 | 000,002,023 | ---- | M] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/02 17:09:08 | 000,002,023 | ---- | M] () -- C:\Windows\SysNative\atipblag.dat
[2010/04/01 10:34:28 | 000,020,862 | ---- | M] () -- C:\Windows\atiogl.xml
[2010/03/17 16:06:30 | 000,202,234 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2010/03/09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys

========== Files Created - No Company Name ==========

[2010/05/31 23:56:48 | 000,284,915 | ---- | C] () -- C:\Users\Harry Tozer\Desktop\gmer.zip
[2010/05/31 22:10:11 | 000,001,338 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/05/31 17:28:38 | 386,076,704 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/27 21:42:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010/05/26 01:06:33 | 529,883,135 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/25 19:48:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/05/25 19:41:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/05/25 19:15:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/25 19:10:44 | 000,000,038 | ---- | C] () -- C:\dvmaccounts.ini
[2010/05/25 18:58:08 | 000,001,986 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
[2010/05/25 18:58:00 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/05/25 18:58:00 | 000,013,931 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2010/05/25 18:51:14 | 000,000,177 | -H-- | C] () -- C:\dvmexp.idx
[2010/05/25 18:40:13 | 000,000,670 | ---- | C] () -- C:\Windows\setup.iss
[2010/05/25 18:36:48 | 000,035,222 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/05/25 18:33:17 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/05/25 18:33:17 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/05/25 18:33:12 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/05/25 18:33:12 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/05/25 18:32:21 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/05/25 18:32:16 | 000,024,193 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/05/25 18:08:58 | 001,048,576 | -HS- | C] () -- C:\Users\Harry Tozer\NTUSER.DAT
[2010/05/25 18:08:58 | 000,524,288 | -HS- | C] () -- C:\Users\Harry Tozer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/05/25 18:08:58 | 000,524,288 | -HS- | C] () -- C:\Users\Harry Tozer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/05/25 18:08:58 | 000,262,144 | -HS- | C] () -- C:\Users\Harry Tozer\ntuser.dat.LOG1
[2010/05/25 18:08:58 | 000,065,536 | -HS- | C] () -- C:\Users\Harry Tozer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/05/25 18:08:58 | 000,000,020 | -HS- | C] () -- C:\Users\Harry Tozer\ntuser.ini
[2010/05/25 18:08:58 | 000,000,000 | -HS- | C] () -- C:\Users\Harry Tozer\ntuser.dat.LOG2
[2010/04/07 03:16:34 | 000,038,400 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2010/04/07 02:25:00 | 000,515,424 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2010/04/07 02:20:44 | 000,515,424 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/04/02 17:09:08 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/04/02 17:09:08 | 000,002,023 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2010/04/01 10:34:28 | 000,020,862 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/03/17 16:06:30 | 000,202,234 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010/05/29 04:22:36 | 000,000,000 | ---D | M] -- C:\Users\Harry Tozer\AppData\Roaming\Registry Mechanic
[2010/06/01 00:00:00 | 000,000,000 | ---D | M] -- C:\Users\Harry Tozer\AppData\Roaming\uTorrent
[2009/07/14 06:08:49 | 000,007,310 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/31 18:50:40 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
[2010/05/31 19:02:46 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/05/25 18:57:54 | 000,031,950 | ---- | M] () -- C:\FAST.log
[2010/05/31 18:52:12 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 18:57:59 | 000,031,066 | ---- | M] () -- C:\LEAP.log
[2010/05/31 18:52:18 | 2138,169,343 | -HS- | M] () -- C:\pagefile.sys
[2010/05/25 18:57:57 | 000,031,114 | ---- | M] () -- C:\PEAP.log
[2010/05/25 18:37:35 | 000,002,158 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >



OTL Extras logfile created on: 31/05/2010 23:59:39 - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\Harry Tozer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 76.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 389.10 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
Drive D: | 7.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 7.52 Gb Total Space | 3.53 Gb Free Space | 46.99% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASUSPRO
Current User Name: Harry Tozer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common
"{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = Catalyst Control Center HydraVision Full
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32394A59-A39C-4C90-A9A5-F16B0C7442E1}" = Express Gate Tools
"{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Edimax Wireless LAN Card
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EEA0ED5-CB59-2F06-84A7-3F7B241521B8}" = Catalyst Control Center InstallProxy
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"OpenAL" = OpenAL
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Steam App 13210" = Unreal Tournament 3: Black Edition
"Steam App 1520" = DEFCON
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 240" = Counter-Strike: Source
"Steam App 41300" = Altitude
"Steam App 440" = Team Fortress 2
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 8980" = Borderlands
"uTorrent" = Torrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/05/2010 08:43:26 | Computer Name = ASUSPRO | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1620838822-QkxaMDAwMjAwYH1ERkUxODVxQUREN0Y1VzlERjIwMGA=._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 29/05/2010 23:04:34 | Computer Name = ASUSPRO | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4445c334 Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,
time stamp: 0x47e2d72b Exception code: 0xc0000005 Fault offset: 0x01ee553e Faulting
process id: 0xc7c Faulting application start time: 0x01caffa0eef8fd05 Faulting application
path: c:\program files (x86)\steam\steamapps\[email protected]\counter-strike
source\hl2.exe Faulting module path: filesystem_steam.dll Report Id: 124a6f25-6b98-11df-8c9c-485b391bf99a

Error - 30/05/2010 18:30:08 | Computer Name = ASUSPRO | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 31/05/2010 00:03:25 | Computer Name = ASUSPRO | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4445c334 Faulting module name: datacache.dll, version: 0.0.0.0, time stamp: 0x46439c7b
Exception
code: 0xc0000005 Fault offset: 0x0000b423 Faulting process id: 0x10f4 Faulting application
start time: 0x01cb0074afb079a0 Faulting application path: c:\program files (x86)\steam\steamapps\[email protected]\counter-strike
source\hl2.exe Faulting module path: c:\program files (x86)\steam\steamapps\[email protected]\counter-strike
source\bin\datacache.dll Report Id: 756330cb-6c69-11df-872d-485b391bf99a

Error - 31/05/2010 00:03:31 | Computer Name = ASUSPRO | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4445c334 Faulting module name: vguimatsurface.dll, version: 0.0.0.0, time stamp:
0x46709861 Exception code: 0xc0000005 Fault offset: 0x00017e13 Faulting process id:
0x10f4 Faulting application start time: 0x01cb0074afb079a0 Faulting application path:
c:\program files (x86)\steam\steamapps\[email protected]\counter-strike source\hl2.exe
Faulting
module path: c:\program files (x86)\steam\steamapps\[email protected]\counter-strike
source\bin\vguimatsurface.dll Report Id: 79786b4b-6c69-11df-872d-485b391bf99a

Error - 31/05/2010 17:43:03 | Computer Name = ASUSPRO | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(F8221D006721A2879967BLZ000100`}DFE185qADD7F5FE06D7fEA._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 31/05/2010 17:43:04 | Computer Name = ASUSPRO | Source = Bonjour Service | ID = 100
Description = 576: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 31/05/2010 17:43:09 | Computer Name = ASUSPRO | Source = Bonjour Service | ID = 100
Description = 576: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 31/05/2010 17:43:14 | Computer Name = ASUSPRO | Source = Bonjour Service | ID = 100
Description = 576: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 31/05/2010 17:46:59 | Computer Name = ASUSPRO | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(F8221D006721A2879967BLZ000100`}DFE185qADD7F5FE06D7fEA._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

[ System Events ]
Error - 30/05/2010 11:27:24 | Computer Name = ASUSPRO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 30/05/2010 11:27:25 | Computer Name = ASUSPRO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 30/05/2010 11:27:27 | Computer Name = ASUSPRO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 30/05/2010 11:27:28 | Computer Name = ASUSPRO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 30/05/2010 11:27:29 | Computer Name = ASUSPRO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 30/05/2010 11:27:30 | Computer Name = ASUSPRO | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 30/05/2010 21:06:07 | Computer Name = ASUSPRO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 02:04:42 on ?31/?05/?2010 was unexpected.

Error - 31/05/2010 12:28:44 | Computer Name = ASUSPRO | Source = BugCheck | ID = 1001
Description =

Error - 31/05/2010 13:44:57 | Computer Name = ASUSPRO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:40:19 on ?31/?05/?2010 was unexpected.

Error - 31/05/2010 13:45:03 | Computer Name = ASUSPRO | Source = BugCheck | ID = 1001
Description =


< End of report >

Any help would be much appreciated as im running out of ideas's
  • 0

Advertisements


#2
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi Ultramag,

Welcome to Geeks to Go! My name is Gammo and I will be helping you fix your computer problem.
If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{8900cb84-685a-11df-a5f1-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{8900cb84-685a-11df-a5f1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2008/08/29 08:54:44 | 001,407,832 | ---- | M] ()
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

  • 0

#3
Ultramag

Ultramag

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Gammo, thanks for replying.

I did both tests, the ESET online scan didnt find anything and wouldnt let me get a report from it, i tryed it twice too. is this a good sign?
It just told me to either download a trial or purchase the full version.
im not going to assume its all green just yet though until i have the all clear from you experts. :)


Cheers
  • 0

#4
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Are you sure you ran a scan with the ESET Online Scanner? A scan should have taken at least 30 minutes.
  • 0

#5
Ultramag

Ultramag

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
yeah i definatly did run the online scanner, i'll try it again after i post this, all it said at the end was no threats were found and asked if i wanted to buy it, i'll post another reply once its finished this time to see if it has a log, and yeah it took 37 minutes last time :S
  • 0

#6
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

Your logs appears to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. :)

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it's doesn't necessarily has to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple good free alternatives: Firefox and Opera. Both are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine except from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, it's parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :)
  • 0

#7
Ultramag

Ultramag

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ran the check seems to be okay now, only other issue is modem but thats more to do with the ISP i think so i'll be able to sort that out. other than that its all good so far :)
Thanks very much for all your help Gammo much appreciated :)

All the best.
  • 0

#8
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP