
100% CPU, massive slowdown, unknown problem



#1
2DallahChow

Hello!

Let me just say thanks in advance.

A day or two ago this laptop suddenly began to run extremely slowly. I checked Task Manager and it reported 100% CPU usage, but it was never obvious what processes were responsible. Right now only Firefox is using 75k memory, and everything else is way lower. The Performance Monitor sometimes shows svchost.exe as consuming many resources, if that is significant.

The only recent change to my system is updating Avast!.

I'm not sure whether this is malware or a cooling problem. I'm leaning on malware because the massive slowdown is constant and begins immediately after startup, even before the laptop gets hot and the fan goes nuts. Also, the problem occurred very suddenly.

After reading your Cleaning Guide, I did the following:

1. Uninstall Avast! (I used to have both AVG and Avast! running fine for a long, long time, but didn't know it was not recommended.)
2. Run TFC
3. Run ERUNT
4. Uninstall Spybot
5. Install and run MBAM
6. Avast! System scan
7. Reboot
8. Try to run GMER twice -- error caused program shutdown both times, at different spots in search
9. Run OTL (took hours)
10. Try to run GMER again -- no dice

After all that, the slowdown is the same and I'm also getting BSOD when I try to open IE.

I've attached the MBAM and OTL logs; if you have an idea about how I can get GMER to run to conclusion, I will do that.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4207

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

17/06/2010 12:20:44 AM
mbam-log-2010-06-17 (00-20-44).txt

Scan type: Quick scan
Objects scanned: 139686
Time elapsed: 56 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 17/06/2010 9:00:36 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Jimmy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.58 Gb Total Space | 12.27 Gb Free Space | 11.62% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 7.66 Gb Free Space | 6.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TWODALLAHCHOW
Current User Name: Jimmy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/17 08:58:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/15 15:59:11 | 000,158,752 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Freecorder\FLVSrvc.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 05:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/11/14 13:08:48 | 000,027,400 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2007/09/12 06:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/04/29 18:32:58 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
PRC - [2007/03/29 17:13:04 | 000,669,240 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\Toshiba\AVCMan\AVCMan.exe
PRC - [2007/03/22 14:46:54 | 000,448,632 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/03/09 19:17:06 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007/03/07 17:01:18 | 000,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007/02/27 23:21:10 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/02/27 22:57:56 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/02/27 17:31:34 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007/02/26 00:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/02/21 14:28:36 | 000,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/02/21 14:10:00 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/01/30 20:47:48 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2007/01/22 11:59:08 | 000,417,792 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2006/12/20 02:16:44 | 000,411,768 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2006/12/20 02:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/12/04 19:00:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
PRC - [2006/11/15 01:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/11/15 00:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/11/02 05:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/06/14 14:58:00 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/01/24 02:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (SafeList) ==========

MOD - [2010/06/17 08:58:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/02/16 20:39:00 | 002,736,890 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/10/14 18:30:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/29 05:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 03:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 03:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/09/12 06:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 06:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/06/27 07:30:00 | 000,086,016 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvsvc.dll -- (nvsvc)
SRV - [2007/04/29 18:32:58 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/02/26 00:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/21 14:28:36 | 000,643,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/02/21 14:10:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/12/20 02:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/06/14 14:58:00 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/26 08:17:20 | 000,220,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/12/11 02:17:14 | 010,236,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/07/02 05:30:08 | 000,168,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2009/06/01 07:58:52 | 000,009,728 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/08/04 01:57:24 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/22 01:28:36 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/06/04 09:34:08 | 000,122,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008/06/04 09:34:08 | 000,115,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2008/06/04 09:34:08 | 000,090,408 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008/06/04 09:34:08 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2008/06/04 09:34:06 | 000,117,544 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2008/06/04 09:34:06 | 000,111,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008/06/04 09:34:06 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/03/10 22:42:24 | 000,074,240 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\havair.sys -- (smscir)
DRV - [2008/01/23 17:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2008/01/09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/11/14 12:29:18 | 000,047,120 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/11/08 17:01:42 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2007/09/26 01:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/06/27 07:30:00 | 007,137,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/04/24 10:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt) Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/24 10:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 10:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 10:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 10:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV - [2007/04/23 13:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 13:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 01:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 01:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 01:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/04/14 20:32:34 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/04/05 14:22:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/03/28 19:56:34 | 000,322,816 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ttv500x.sys -- (ttv500x) TOSHIBA PCI TV Tuner(x86)
DRV - [2007/03/01 19:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/03/01 01:27:06 | 000,041,344 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/02/12 17:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/01/22 13:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 20:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/27 17:14:22 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/10 22:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/07/06 01:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/01 19:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 21:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 16:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/10/14 06:07:44 | 000,065,305 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DVXUSBLD.SYS -- (DVXUSBLD)
DRV - [2003/01/17 04:40:00 | 000,042,146 | ---- | M] (Dazzle Multimedia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DVXUSBKS.sys -- (DVXUSBKS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT1060933
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 96 F6 83 AD DC CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.87
FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.02
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.6.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.1.14
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22
FF - prefs.js..keyword.URL: "http://search.condui...d=CT1060933&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/20 04:23:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 10:46:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/15 09:02:32 | 000,000,000 | ---D | M]

[2008/08/04 01:47:24 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\mozilla\Extensions
[2010/06/16 09:20:42 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\sx3235u9.default\extensions
[2010/04/18 11:07:38 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\sx3235u9.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010/05/12 14:10:18 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\sx3235u9.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2010/06/14 23:29:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\sx3235u9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/10 11:10:56 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\sx3235u9.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2010/04/12 23:41:58 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\sx3235u9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/15 08:53:53 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\sx3235u9.default\extensions\[email protected]
[2010/05/12 14:10:18 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\mozilla\Firefox\Profiles\sx3235u9.default\extensions\[email protected]
[2010/01/20 12:14:24 | 000,000,923 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\FireFox\Profiles\sx3235u9.default\searchplugins\conduit.xml
[2009/07/11 16:16:17 | 000,000,914 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\FireFox\Profiles\sx3235u9.default\searchplugins\dictionarycom.xml
[2009/07/11 16:20:16 | 000,000,911 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\FireFox\Profiles\sx3235u9.default\searchplugins\thesauruscom.xml
[2009/07/11 17:18:46 | 000,002,354 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\FireFox\Profiles\sx3235u9.default\searchplugins\wr-english-french.xml
[2009/07/11 17:18:35 | 000,002,354 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Mozilla\FireFox\Profiles\sx3235u9.default\searchplugins\wr-french-english.xml
[2009/11/18 10:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/05 01:06:30 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/04/10 09:23:42 | 000,385,993 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13315 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbit Downloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbit Downloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AVCMan] C:\Program Files\Toshiba\AVCMan\AVCMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\Toshiba\PasswordUtility\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [TOSCDSPD] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.2 4.2.2.3 66.241.128.14 66.241.128.15
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Jimmy\Desktop\Resources\Rock Band\Ninja Pizza Explosion 2.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jimmy\Desktop\Resources\Rock Band\Ninja Pizza Explosion 2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/07/20 11:08:39 | 000,000,000 | ---D | M] - D:\autoCAD2008 -- [ NTFS ]
O33 - MountPoints2\{5da3cfd8-57af-11dd-8941-0015b7808ff1}\Shell - "" = AutoRun
O33 - MountPoints2\{5da3cfd8-57af-11dd-8941-0015b7808ff1}\Shell\AutoRun\command - "" =
O33 - MountPoints2\{5da3cfd8-57af-11dd-8941-0015b7808ff1}\Shell\dinstall\command - "" =
O33 - MountPoints2\{5da3cfdb-57af-11dd-8941-0015b7808ff1}\Shell - "" = AutoRun
O33 - MountPoints2\{5da3cfdb-57af-11dd-8941-0015b7808ff1}\Shell\AutoRun\command - "" = G:\RE2Setup.exe -- File not found
O33 - MountPoints2\{8bf837a9-2df7-11df-b01e-0015b7808ff1}\Shell - "" = AutoRun
O33 - MountPoints2\{8bf837a9-2df7-11df-b01e-0015b7808ff1}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ab331b88-374d-11de-8cbc-0015b7808ff1}\Shell\AutoRun\command - "" = I:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{de8e3f2c-009b-11de-b4c6-0015b7808ff1}\Shell - "" = AutoRun
O33 - MountPoints2\{de8e3f2c-009b-11de-b4c6-0015b7808ff1}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e05bef8d-e84d-11de-9ad3-0015b7808ff1}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/08/24 15:15:56 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/06/17 08:57:48 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
[2010/06/16 18:39:05 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Malwarebytes
[2010/06/16 18:37:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/16 18:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/16 18:37:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/16 18:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/16 18:29:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/16 18:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/16 15:55:01 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\TFC.exe
[2010/06/15 14:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/10 08:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/06/06 13:17:49 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\assembly
[2010/06/06 12:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\NCsoft
[2010/06/06 12:40:57 | 000,000,000 | -HSD | C] -- C:\Users\Jimmy\AppData\Roaming\.#
[2010/05/12 14:25:01 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Documents\Favicons
[2010/05/02 15:58:40 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\Unity
[2010/04/29 15:43:07 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\EPSON
[2010/04/18 11:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/04/18 11:05:20 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Documents\Freecorder 4
[2010/04/18 11:05:20 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\FLVService
[2010/04/18 11:05:07 | 000,000,000 | ---D | C] -- C:\Windows\Freecorder
[2010/04/18 11:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder
[2010/04/13 17:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2010/04/13 17:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2010/04/13 17:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/04/01 21:34:19 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\ShinyTales
[2010/04/01 21:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\bigup16
[2010/03/30 10:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUMOsp
[2010/03/30 10:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
[2010/03/28 10:42:49 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Documents\Markham Little Theatre
[3 C:\Users\Jimmy\Documents\*.tmp files -> C:\Users\Jimmy\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/17 09:31:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{87E86E6C-3BE5-4791-9DE7-F5CD51F1B613}.job
[2010/06/17 09:30:49 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CBEDDEF6-10EF-4A9C-8025-AE02B1916502}.job
[2010/06/17 09:00:46 | 009,961,472 | -HS- | M] () -- C:\Users\Jimmy\NTUSER.DAT
[2010/06/17 08:58:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
[2010/06/17 08:12:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/17 08:12:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/17 08:04:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/17 00:33:40 | 000,122,713 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\nvModes.001
[2010/06/17 00:28:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/17 00:27:00 | 2146,410,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/17 00:25:30 | 000,524,288 | -HS- | M] () -- C:\Users\Jimmy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/17 00:25:30 | 000,065,536 | -HS- | M] () -- C:\Users\Jimmy\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/17 00:25:03 | 004,614,270 | -H-- | M] () -- C:\Users\Jimmy\AppData\Local\IconCache.db
[2010/06/16 18:38:22 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/16 18:28:45 | 000,000,744 | ---- | M] () -- C:\Users\Jimmy\Desktop\NTREGOPT.lnk
[2010/06/16 18:28:45 | 000,000,725 | ---- | M] () -- C:\Users\Jimmy\Desktop\ERUNT.lnk
[2010/06/16 18:28:43 | 000,000,000 | ---- | M] () -- C:\Users\Jimmy\AppData\Local\prvlcl.dat
[2010/06/16 15:59:34 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\TFC.exe
[2010/06/15 14:56:53 | 000,001,885 | ---- | M] () -- C:\Users\Jimmy\Desktop\HijackThis.lnk
[2010/06/15 13:47:02 | 298,031,434 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/10 08:29:49 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/06/10 08:29:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/06/10 00:13:19 | 001,843,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/09 13:29:42 | 000,122,713 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\nvModes.dat
[2010/06/06 13:37:48 | 000,203,264 | ---- | M] () -- C:\Users\Jimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/06 13:16:10 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\Aion.lnk
[2010/06/06 12:49:43 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2010/06/04 10:11:23 | 000,784,420 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/04 10:11:23 | 000,269,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/04 10:11:23 | 000,005,652 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/01 00:06:53 | 000,023,406 | ---- | M] () -- C:\Users\Jimmy\Documents\頌麗詩.docx
[2010/05/26 13:44:35 | 000,040,448 | ---- | M] () -- C:\Users\Jimmy\Documents\Common Cause Notes.doc
[2010/05/23 13:11:08 | 000,034,816 | ---- | M] () -- C:\Users\Jimmy\Documents\1-Passwords.doc
[2010/05/23 12:25:32 | 001,742,336 | ---- | M] () -- C:\Users\Jimmy\Desktop\RappelzUSDownloader20100511.exe
[2010/05/20 15:12:01 | 000,148,152 | ---- | M] () -- C:\Users\Jimmy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/05/06 16:34:10 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/23 14:00:47 | 001,196,629 | ---- | M] () -- C:\Users\Jimmy\Documents\ERG in Blood.pptx
[2010/04/15 09:02:32 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/04/13 18:03:59 | 000,000,044 | ---- | M] () -- C:\Windows\PERFV700SERIES.ini
[2010/04/11 22:58:28 | 000,096,674 | ---- | M] () -- C:\Users\Jimmy\Documents\T1 General.pdf
[2010/04/10 09:23:42 | 000,385,993 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[3 C:\Users\Jimmy\Documents\*.tmp files -> C:\Users\Jimmy\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/17 08:25:54 | 000,293,376 | ---- | C] () -- C:\Users\Jimmy\Desktop\gmer.exe
[2010/06/16 18:38:22 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/16 18:28:45 | 000,000,744 | ---- | C] () -- C:\Users\Jimmy\Desktop\NTREGOPT.lnk
[2010/06/16 18:28:45 | 000,000,725 | ---- | C] () -- C:\Users\Jimmy\Desktop\ERUNT.lnk
[2010/06/15 14:56:52 | 000,001,885 | ---- | C] () -- C:\Users\Jimmy\Desktop\HijackThis.lnk
[2010/06/10 08:29:49 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/06/06 13:16:10 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\Aion.lnk
[2010/06/06 12:49:43 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2010/06/01 00:06:39 | 000,023,406 | ---- | C] () -- C:\Users\Jimmy\Documents\頌麗詩.docx
[2010/05/23 12:24:59 | 001,742,336 | ---- | C] () -- C:\Users\Jimmy\Desktop\RappelzUSDownloader20100511.exe
[2010/04/23 13:48:47 | 001,196,629 | ---- | C] () -- C:\Users\Jimmy\Documents\ERG in Blood.pptx
[2010/04/15 09:01:51 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/04/13 17:58:54 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/04/13 17:58:53 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/04/13 17:58:53 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/04/13 17:58:53 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/04/13 17:58:53 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/04/13 17:58:53 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/04/13 17:58:53 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/04/13 17:58:53 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/04/13 17:58:53 | 000,012,669 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2010/04/13 17:58:53 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/04/13 17:58:53 | 000,006,478 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2010/04/13 17:58:53 | 000,006,478 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2010/04/13 17:58:53 | 000,006,366 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010/04/13 17:58:53 | 000,006,366 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2010/04/13 17:58:53 | 000,006,226 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2010/04/13 17:58:53 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/04/13 17:58:53 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/04/13 17:58:53 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/04/13 17:58:53 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/04/13 17:58:53 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/04/13 17:58:53 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/04/13 17:58:53 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/04/13 17:51:18 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV700SERIES.ini
[2010/04/11 22:58:28 | 000,096,674 | ---- | C] () -- C:\Users\Jimmy\Documents\T1 General.pdf
[2009/12/11 01:29:00 | 000,293,480 | ---- | C] () -- C:\Windows\System32\nvnt4cpl.dll
[2009/09/16 22:09:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/12/30 12:35:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/10/07 18:27:03 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\FD503CE53E.sys
[2008/10/07 18:26:59 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/10/02 09:45:02 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008/09/03 15:29:34 | 000,000,378 | ---- | C] () -- C:\Windows\NJCOM.INI
[2008/07/22 05:13:11 | 000,137,992 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/07/22 05:12:29 | 000,000,285 | ---- | C] () -- C:\Windows\game.ini
[2008/07/22 01:28:36 | 000,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/07/20 03:59:31 | 000,000,034 | ---- | C] () -- C:\Windows\DVDFabPlatinum.INI
[2008/07/19 22:49:21 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo.dll
[2008/07/18 19:23:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/18 18:48:53 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/07/18 18:48:53 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/07/18 18:48:53 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/07/18 18:48:53 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/07/18 18:48:53 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/07/18 18:48:53 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2007/04/12 13:26:14 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/04/12 12:37:05 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/04/12 12:37:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/04/12 12:37:05 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/04/12 12:37:05 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/04/11 19:47:15 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/02/21 14:26:58 | 000,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/12/05 16:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002/06/06 03:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll

========== LOP Check ==========

[2010/06/06 12:41:15 | 000,000,000 | -HSD | M] -- C:\Users\Jimmy\AppData\Roaming\.#
[2008/11/30 12:38:57 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Anvil Studio
[2008/08/11 18:18:32 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Autodesk
[2010/06/07 08:19:20 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\BitTorrent
[2010/01/01 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Canon
[2009/10/30 00:53:38 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Dawn's Light
[2010/03/31 01:22:46 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\DNA
[2010/04/29 15:43:07 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\EPSON
[2008/12/22 18:13:03 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Free Sound Recorder
[2009/08/07 22:00:47 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\GoldWaveCDDB
[2009/02/18 11:58:27 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\GrabPro
[2009/03/02 23:10:27 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\GraphPad Software
[2010/05/23 10:55:54 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\My Games
[2008/09/03 15:29:39 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\NJStar
[2009/10/29 00:31:12 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Orbit
[2009/04/02 21:38:46 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\PlayFirst
[2008/11/09 12:28:24 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Red Alert 3
[2009/03/04 01:37:26 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Set Alarm Clock
[2010/04/01 21:34:19 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\ShinyTales
[2008/12/22 19:45:33 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Sony
[2009/02/19 12:16:21 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Toshiba
[2008/08/23 21:36:49 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Ulead Systems
[2008/10/11 00:55:18 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\V-Safe
[2008/08/23 21:39:59 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Vso
[2010/06/17 00:25:45 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/17 09:31:00 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{87E86E6C-3BE5-4791-9DE7-F5CD51F1B613}.job
[2010/06/17 09:30:49 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CBEDDEF6-10EF-4A9C-8025-AE02B1916502}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/04/11 16:27:49 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/17 00:27:00 | 2146,410,496 | -HS- | M] () -- C:\hiberfil.sys
[2008/07/21 07:39:34 | 000,020,844 | ---- | M] () -- C:\INSTALL_Jimmy_01000005.ERR
[2008/12/22 14:02:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/22 14:02:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/17 00:26:58 | 2460,221,440 | -HS- | M] () -- C:\pagefile.sys
[2008/07/22 03:12:52 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/07/22 03:12:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/01/11 03:06:35 | 000,005,834 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 05:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2008/01/19 03:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 01:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 03:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
< End of report >

OTL Extras logfile created on: 17/06/2010 9:00:36 AM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Jimmy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.58 Gb Total Space | 12.27 Gb Free Space | 11.62% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 7.66 Gb Free Space | 6.85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TWODALLAHCHOW
Current User Name: Jimmy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A16808-9AE2-4A73-9DF1-989FB160D7B6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6AF483A7-3708-4F08-81FB-7F5EF12EDD3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D8D37E8F-0852-4F32-96A8-523D8D0C39EF}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01573CDF-80C8-4E2E-A7F4-4107DF308A0D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0196A981-578E-49D4-8D54-13834064CA5D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{03A3DED7-2599-4B08-8BFC-5463637C6D08}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B96BE16-2092-4218-B4E2-908397063233}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1412451E-1530-4BAE-8879-CA09E261FEAE}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{329DA4B6-12BD-4760-9B2D-D83D3C352E27}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{38BD9A98-8037-4F00-98EA-0E534C2F7ECE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\prince of persia\launcher\launcher.exe |
"{3D48D8D3-AF9E-454C-B667-1A5DCB739351}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{41AC38B6-7A37-49C7-8DDE-1ECF434BCDCC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{442666F3-90A8-4EB9-918B-0698370521A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{45283290-3D8E-4E70-B262-1FB7284CE702}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{5001BC92-0E2B-49C3-894E-CB2B01B650C4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{52B560CB-3F97-45CB-BB24-15C58464A749}" = protocol=6 | dir=in | app=d:\call of duty 4\install\iw3mp.exe |
"{63B7C1D4-9C0B-4E1F-AE69-791CD4143702}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{644712F5-E32B-4D98-A41B-05DDC65866C5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6C4A5F6D-0FCC-4FCC-A821-8B73BEF49ACF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7FEE16E5-3C97-4A6F-ADA8-A70AC39BF153}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{A636E3C5-6236-498A-AB11-D3E0A647B697}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B1BD0112-463F-4C59-B5FE-D8AE46316762}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{B2606724-3437-4D0D-8F6B-01CD64A13166}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B613F2F6-AC49-4747-BB25-BF7D4923F537}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{BB033656-1667-4707-8DEA-F5764374CC42}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CB7BC371-2830-4E45-9D19-B2A0354315E9}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{D1652D2C-DAE3-46AA-9162-E470F5E486FE}" = protocol=17 | dir=in | app=d:\call of duty 4\install\iw3mp.exe |
"{DC0BF4FB-EF23-4260-92C8-F99C717F1E5E}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{E7EBFC2B-A3E4-4BF8-9F1C-F5E45251EA5A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E7F9F486-39C6-41C3-97D3-82A9968DAF67}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\prince of persia\launcher\launcher.exe |
"{F06F5598-19BE-4792-BF14-CFE3BFBEC5CE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{F11F05A3-2FB6-41F8-B43B-0157C20155E9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{F314C718-A7C2-4C18-B7D2-5F4827CF15DD}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{F8A2B933-317F-4445-8FB9-5653951E9433}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"TCP Query User{15544250-F259-45C8-9476-C05F4ACDA1C5}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{15B9EA84-1409-4808-B418-3C81B3DD75B5}C:\users\jimmy\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jimmy\program files\dna\btdna.exe |
"TCP Query User{291A0EFC-1A90-46B6-B5D9-ED67BF73A44B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2D7838A1-4B09-4BC4-A7D7-9D1AED6E4100}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{2F87C58F-3A0F-44FF-9815-7913A0BF1987}C:\users\jimmy\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\jimmy\program files\dna\btdna.exe |
"TCP Query User{51944582-9426-4F31-A51D-ADC47451FA69}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{5D5A6783-6CE1-4189-840E-9CF288CF9ADA}C:\program files\orbit downloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbit downloader\orbitnet.exe |
"TCP Query User{68752F08-4B1D-49B3-9B65-2ACA90137B49}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{81F7E5DA-4A16-4BA8-AB63-46439405D520}C:\program files\electronic arts\red alert 3\data\ra3_1.3.game" = protocol=6 | dir=in | app=c:\program files\electronic arts\red alert 3\data\ra3_1.3.game |
"TCP Query User{A2FDC5F6-28F3-4A1B-9528-A46896B09272}C:\program files\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"TCP Query User{AF40B226-7854-4012-A1FF-77C969D1A30F}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{B044FB06-3F41-4D55-8A71-68E776A7E62D}C:\program files\orbit downloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbit downloader\orbitnet.exe |
"TCP Query User{D1259559-031B-4A5A-9EFC-DACFF7C235F5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DB3DE353-0651-403C-930D-A610139739DD}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F2856769-44C9-4B65-B59E-0A62F074D17C}C:\users\jimmy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{F36A2D55-18C9-4202-A8A4-378C11CEBFBF}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{FC420582-4790-4EB5-8A84-FF0863776643}C:\program files\softnyx\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\program files\softnyx\rakionis\bin\rakion.bin |
"UDP Query User{1243FF14-3171-47BE-BC86-45DD1F427E98}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{1BBDBD39-6EA1-4D84-B39F-2CCF19D5304D}C:\program files\orbit downloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbit downloader\orbitnet.exe |
"UDP Query User{1D9AF3DA-8085-462E-9B13-44C438415537}C:\program files\orbit downloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbit downloader\orbitnet.exe |
"UDP Query User{2BDC84FA-7B0B-47A6-9F59-F15A5334EC78}C:\program files\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"UDP Query User{330F05DF-9D33-4946-9EDB-6DC77B446AC6}C:\program files\electronic arts\red alert 3\data\ra3_1.3.game" = protocol=17 | dir=in | app=c:\program files\electronic arts\red alert 3\data\ra3_1.3.game |
"UDP Query User{3981E1AE-09D7-439D-A659-90C24AD5A3EA}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{3C0AB2AB-1D8F-4108-846B-F56CA3CB24AA}C:\program files\softnyx\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\program files\softnyx\rakionis\bin\rakion.bin |
"UDP Query User{43EC6E40-7595-4280-9858-50C7C56C6E0A}C:\users\jimmy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{4FA01827-5325-432E-B85C-772A6FF84E2F}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{7DC97F84-DD30-49A2-AFB3-E2027D70B715}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{99DB6DA2-3796-4484-BF50-9D2B6049CB36}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{AE80BC95-EA3C-49AB-9484-528EC4D70B68}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{CAFEF4A0-8CEF-449E-AB55-4FC7BD7B2B45}C:\users\jimmy\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jimmy\program files\dna\btdna.exe |
"UDP Query User{E6CBDF11-D93B-4FC9-864F-4E3238723C94}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{E98B67D3-945F-499C-9ED9-1FA691FBF947}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{EDB72EC3-6CFB-4E39-B91D-FB1DCE2BBF54}C:\users\jimmy\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\jimmy\program files\dna\btdna.exe |
"UDP Query User{FA353AA2-C7EC-4623-8F20-0DA441C0A002}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live 上載工具
"{20FA37C4-01B8-4A14-97F0-67615DBBF29F}" = QuickTime SDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35B73650-6899-11DA-6784-00232A9018BE}" = GraphPad Prism 5 (Trial)
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FF6DCB6-71FA-4DB1-BCDB-7C93DF2DA992}" = Camera Assistant Software for Toshiba(2.0M)
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F07D6DA-35EC-4835-9CF1-0D1D330E7196}" = Ulead PureHD SDK 1.0 (Redist)
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA HD DVD PLAYER
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{899DF8BD-6ECC-4FE6-BA98-D8DC7AD944E0}_is1" = Dawn's Light 1.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROPLUS_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROPLUS_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROPLUS_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROPLUS_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROPLUS_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROPLUS_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROPLUS_{33FA7680-10ED-444E-BC72-214064317283}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROPLUS_{5E6C6E79-40BE-491B-9ABF-C665667E1B07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-0044-0404-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Chinese (Traditional)) 2007
"{90120000-0044-0404-0000-0000000FF1CE}_PROPLUS_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROPLUS_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EB1504E-FD95-4BCD-8E93-B4039F59C469}" = Sony Ericsson Media Manager 1.2
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CAEB0504-FED1-4736-969A-5499309E9E7F}" = Aion
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DEC29935-E1EF-4C04-856A-D0F805C37282}" = Digital Video Creator 150
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{F8766B65-4B9C-11D6-830E-0050DABBB449}" = MovieStar 5
"{FDCEF602-9FCA-428E-8AD5-5C3C9DC8CE05}" = Qosmio AV Controller Manager
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"4 Elements_is1" = 4 Elements 1.0
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Ahriman's Prophecy" = Ahriman's Prophecy
"AsUninst.exe" = Anvil Studio
"avast5" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CamStudio" = CamStudio
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CDisplay_is1" = CDisplay 1.8
"Chocolatier Decadence by Design" = Chocolatier Decadence by Design
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DPP" = Canon Utilities Digital Photo Professional 3.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Platinum_is1" = DVDFab Platinum 4.0.0.5 Beta Ghosthunter release
"EADM" = EA Download Manager
"Elements1.0" = Elements
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.0" = Freecorder 4.0 Application
"Guild Wars" = Guild Wars
"Hamachi" = Hamachi 1.0.2.5
"HijackThis" = HijackThis 2.0.2
"InFlac" = InFlac 1.1.1
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyCamera" = Canon Utilities MyCamera
"Network Addon Mod" = Network Addon Mod Version June 2009
"NJStar Chinese WP" = NJStar Chinese WP
"NJStar Communicator" = NJStar Communicator
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Potion Bar H33T" = Potion Bar H33T
"PrimoPDF4.1.0.9" = PrimoPDF
"ProInst" = Intel® PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Silent Package Run-Time Sample" = EPSON Perf V700-V750 Guide
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 3.32
"Steam App 23380" = Gyromancer
"Steam App 37800" = QuantZ
"StepMania" = StepMania (remove only)
"SUMOsp 2.0.4" = SUMOsp 2.0.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 0.9.9
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4/E5 Utility
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 壓縮工具
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 22/05/2009 1:15:40 PM | Computer Name = TwoDallahChow | Source = avast! | ID = 33554522
Description =

Error - 01/10/2009 6:49:03 PM | Computer Name = TwoDallahChow | Source = avast! | ID = 33554522
Description =

Error - 03/11/2009 12:17:21 AM | Computer Name = TwoDallahChow | Source = avast! | ID = 33554522
Description =

Error - 31/12/2009 9:38:18 AM | Computer Name = TwoDallahChow | Source = avast! | ID = 33554522
Description =

Error - 28/02/2010 3:46:34 PM | Computer Name = TwoDallahChow | Source = avast! | ID = 33554522
Description =

Error - 26/05/2010 12:30:35 AM | Computer Name = TwoDallahChow | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 23/04/2010 1:50:57 PM | Computer Name = TwoDallahChow | Source = LoadPerf | ID = 3011
Description =

Error - 23/04/2010 3:23:03 PM | Computer Name = TwoDallahChow | Source = LoadPerf | ID = 3012
Description =

Error - 23/04/2010 3:23:03 PM | Computer Name = TwoDallahChow | Source = LoadPerf | ID = 3011
Description =

Error - 26/04/2010 10:54:53 AM | Computer Name = TwoDallahChow | Source = LoadPerf | ID = 3012
Description =

Error - 26/04/2010 10:54:53 AM | Computer Name = TwoDallahChow | Source = LoadPerf | ID = 3011
Description =

Error - 29/04/2010 3:46:11 PM | Computer Name = TwoDallahChow | Source = Application Error | ID = 1000
Description = Faulting application ESCNDV.EXE, version 3.8.0.1, time stamp 0x497ed980,
faulting module SHELL32.dll, version 6.0.6002.18005, time stamp 0x49e037ec, exception
code 0xc0000005, fault offset 0x002d2c67, process id 0x1278, application start time
0x01cae7d42c189520.

Error - 29/04/2010 5:51:03 PM | Computer Name = TwoDallahChow | Source = LoadPerf | ID = 3012
Description =

Error - 29/04/2010 5:51:03 PM | Computer Name = TwoDallahChow | Source = LoadPerf | ID = 3011
Description =

Error - 30/04/2010 5:38:23 PM | Computer Name = TwoDallahChow | Source = LoadPerf | ID = 3012
Description =

Error - 30/04/2010 5:38:23 PM | Computer Name = TwoDallahChow | Source = LoadPerf | ID = 3011
Description =

[ OSession Events ]
Error - 27/03/2009 12:18:25 PM | Computer Name = Jimmy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 11697 seconds with 5760 seconds of active time. This session ended with
a crash.

[ System Events ]
Error - 16/06/2010 9:37:00 AM | Computer Name = TwoDallahChow | Source = Service Control Manager | ID = 7011
Description =

Error - 16/06/2010 4:10:58 PM | Computer Name = TwoDallahChow | Source = Service Control Manager | ID = 7011
Description =

Error - 16/06/2010 7:06:33 PM | Computer Name = TwoDallahChow | Source = Service Control Manager | ID = 7022
Description =

Error - 16/06/2010 7:08:41 PM | Computer Name = TwoDallahChow | Source = Service Control Manager | ID = 7022
Description =

Error - 16/06/2010 7:08:49 PM | Computer Name = TwoDallahChow | Source = Service Control Manager | ID = 7001
Description =

Error - 16/06/2010 7:08:51 PM | Computer Name = TwoDallahChow | Source = DCOM | ID = 10010
Description =

Error - 17/06/2010 12:32:50 AM | Computer Name = TwoDallahChow | Source = DCOM | ID = 10010
Description =

Error - 17/06/2010 8:04:23 AM | Computer Name = TwoDallahChow | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 0013E87BB7C7 has been denied by the DHCP server 142.76.192.10 (The DHCP
Server sent a DHCPNACK message).

Error - 17/06/2010 9:36:14 AM | Computer Name = TwoDallahChow | Source = Dhcp | ID = 1002
Description = The IP address lease 172.21.7.67 for the Network Card with network
address 0013E87BB7C7 has been denied by the DHCP server 172.24.104.1 (The DHCP
Server sent a DHCPNACK message).

Error - 17/06/2010 9:37:07 AM | Computer Name = TwoDallahChow | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Again, thank you so much, and if it seems to be a hardware/cooling problem, please advise.
