Rootkit help



#1
johnnyz86
My computer has been unstable recently and I often get virus warnings to places like SystemVolumeInformation and windows/something/disk.sys (and other random files) from Avira with the latest updates. Within 5 seconds the antivirus window that has my options disappears. I have done all the steps in the sticky. The AV scan doesn't find these files after it gets hidden, does that mean rootkit?

In my reply, I will paste the logs. Thanks for looking!

#2
johnnyz86
MBAM Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4375

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/31/2010 4:18:14 PM
mbam-log-2010-07-31 (16-18-14).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 589444
Time elapsed: 48 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\My Transfers\bt\Fun\Heroes of Might and Magic V - Collectors Edition + Hammers Of Fate + Tribes Of The East (EdenGotterrCyan)\Heroes of Might and Magic V - Collectors Edition (EdenGotterrCyan)\Utility - Trainer\asx-homm5 - trainer.exe (Malware.Packer) -> No action taken.
D:\Program Files\Darkstar One\Voyager.dll (Trojan.FakeAlert) -> No action taken.

#3
johnnyz86
GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-31 22:38:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Chang\LOCALS~1\Temp\fxldypod.sys


---- System - GMER 1.0.15 ----

SSDT B8706D4E ZwCreateKey
SSDT B8706D44 ZwCreateThread
SSDT B8706D53 ZwDeleteKey
SSDT B8706D5D ZwDeleteValueKey
SSDT spht.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT spht.sys ZwEnumerateValueKey [0xB7EC7030]
SSDT B8706D62 ZwLoadKey
SSDT spht.sys ZwOpenKey [0xB7EA80C0]
SSDT B8706D30 ZwOpenProcess
SSDT B8706D35 ZwOpenThread
SSDT spht.sys ZwQueryKey [0xB7EC7108]
SSDT spht.sys ZwQueryValueKey [0xB7EC6F88]
SSDT B8706D6C ZwReplaceKey
SSDT B8706D67 ZwRestoreKey
SSDT B8706D58 ZwSetValueKey
SSDT B8706D3F ZwTerminateProcess

INT 0x63 ? 899B4BF8
INT 0x73 ? 8A5D0BF8
INT 0x73 ? 8A5D3BF8
INT 0x73 ? 899B4BF8
INT 0x73 ? 8A5D0BF8
INT 0x83 ? 8A55EBF8
INT 0x83 ? 8A55EBF8
INT 0x83 ? 899B4BF8
INT 0x83 ? 8A55EBF8
INT 0x94 ? 899B4BF8
INT 0xB4 ? 899B4BF8
INT 0xB4 ? 899B4BF8
INT 0xB4 ? 899B4BF8
INT 0xB4 ? 899B4BF8

---- Kernel code sections - GMER 1.0.15 ----

? spht.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70A2380, 0x550AF5, 0xE8000020]
.text USBPORT.SYS!DllUnload B70828AC 5 Bytes JMP 899B41D8
.text anyiz8uw.SYS B6FA6384 1 Byte [20]
.text anyiz8uw.SYS B6FA6384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text anyiz8uw.SYS B6FA63AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text anyiz8uw.SYS B6FA63C4 3 Bytes [00, 00, 00]
.text anyiz8uw.SYS B6FA63C9 1 Byte [00]
.text ...
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB2EEF300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8490300, 0x1BCE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe[692] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED1FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe[692] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED2020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\GIGABYTE\ET6\GUI.exe[952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02091FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\GIGABYTE\ET6\GUI.exe[952] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02092020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01281FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01282020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\RivaTuner v2.11\RivaTuner.exe[1680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\RivaTuner v2.11\RivaTuner.exe[1680] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10002020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003F1FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003F2020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B71FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B72020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe[2484] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe[2484] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10002020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[2768] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[2768] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10002020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\VirtuaWin\modules\WinList.exe[2908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\VirtuaWin\modules\WinList.exe[2908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10002020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Documents and Settings\Chang\My Documents\Antivirus\gmer.exe[3232] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Documents and Settings\Chang\My Documents\Antivirus\gmer.exe[3232] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10002020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text c:\program files\avira\antivir desktop\avcenter.exe[3904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA1FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text c:\program files\avira\antivir desktop\avcenter.exe[3904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA2020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A55C1F8
Device \Driver\usbuhci \Device\USBPDO-0 899EA1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5D11F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5D11F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5D11F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5D11F8
Device \Driver\usbuhci \Device\USBPDO-1 899EA1F8
Device \Driver\usbuhci \Device\USBPDO-2 899EA1F8
Device \Driver\usbehci \Device\USBPDO-3 89A081F8
Device \Driver\usbuhci \Device\USBPDO-4 899EA1F8
Device \Driver\usbuhci \Device\USBPDO-5 899EA1F8
Device \Driver\prodrv06 \Device\ProDrv06 E19D7A18
Device \Driver\usbuhci \Device\USBPDO-6 899EA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A55F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)

Device \Driver\usbehci \Device\USBPDO-7 89A081F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A55F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)

Device \Driver\Cdrom \Device\CdRom0 899ED1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A55F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)

Device \Driver\Cdrom \Device\CdRom1 899ED1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [B7D63360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\iaStor0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 [B7DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [B7DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B7D63360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [B7D63360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-2 [B7D63360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-3 [B7D63360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A55F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)

Device \Driver\Ftdisk \Device\HarddiskVolume5 8A55F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)

Device \Driver\Ftdisk \Device\HarddiskVolume6 8A55F1F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)

Device \Driver\prohlp02 \Device\ProHlp02 E1012DC8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9AD0EBF1-581B-48ED-9879-FFBFB6209195} 8947D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8947D1F8
Device \Driver\NetBT \Device\NetbiosSmb 8947D1F8
Device \Driver\PCI_PNP1470 \Device\0000005a spht.sys
Device \Driver\usbuhci \Device\USBFDO-0 899EA1F8
Device \Driver\usbuhci \Device\USBFDO-1 899EA1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 893F01F8
Device \Driver\usbuhci \Device\USBFDO-2 899EA1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 893F01F8
Device \Driver\usbehci \Device\USBFDO-3 89A081F8
Device \Driver\usbuhci \Device\USBFDO-4 899EA1F8
Device \Driver\Ftdisk \Device\FtControl 8A55F1F8
Device \Driver\usbuhci \Device\USBFDO-5 899EA1F8
Device \Driver\usbuhci \Device\USBFDO-6 899EA1F8
Device \Driver\sptd \Device\4012591470 spht.sys
Device \Driver\usbehci \Device\USBFDO-7 89A081F8
Device \Driver\anyiz8uw \Device\Scsi\anyiz8uw1Port4Path0Target0Lun0 899D01F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8A55D1F8
Device \Driver\JRAID \Device\Scsi\JRAID1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\anyiz8uw \Device\Scsi\anyiz8uw1 899D01F8
Device \FileSystem\Cdfs \Cdfs 8947F1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a386
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a386@0016414ae3b9 0x07 0x35 0xA5 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x5B 0x3D 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3A 0xDB 0xE4 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBC 0x42 0xD3 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD2 0xC8 0x80 0x19 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a386 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a386@0016414ae3b9 0x07 0x35 0xA5 0x49 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x5B 0x3D 0x85 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3A 0xDB 0xE4 0x09 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBC 0x42 0xD3 0x99 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD2 0xC8 0x80 0x19 ...

---- EOF - GMER 1.0.15 ----

#4
johnnyz86
OTL Log:
OTL logfile created on: 8/2/2010 10:08:15 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Chang\My Documents\Antivirus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.00 Gb Total Space | 22.67 Gb Free Space | 35.42% Space Free | Partition Type: NTFS
Drive D: | 867.51 Gb Total Space | 425.55 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 698.63 Gb Total Space | 135.55 Gb Free Space | 19.40% Space Free | Partition Type: NTFS
Drive G: | 698.64 Gb Total Space | 157.87 Gb Free Space | 22.60% Space Free | Partition Type: NTFS
Drive H: | 698.63 Gb Total Space | 343.35 Gb Free Space | 49.15% Space Free | Partition Type: NTFS
Drive I: | 698.64 Gb Total Space | 229.36 Gb Free Space | 32.83% Space Free | Partition Type: NTFS

Computer Name: FROOM
Current User Name: Chang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/02 10:07:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chang\My Documents\Antivirus\OTL.exe
PRC - [2010/08/01 07:53:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/15 02:09:46 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/03/17 17:39:42 | 000,659,456 | ---- | M] (IDEVFH L.L.C.) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
PRC - [2009/09/17 21:45:27 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/09/10 19:21:00 | 000,126,464 | ---- | M] (VirtuaWin) -- C:\Program Files\VirtuaWin\VirtuaWin.exe
PRC - [2009/09/10 19:21:00 | 000,014,848 | ---- | M] () -- C:\Program Files\VirtuaWin\modules\WinList.exe
PRC - [2009/06/10 01:57:25 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/09/16 13:15:00 | 002,715,648 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\RivaTuner.exe
PRC - [2008/09/16 13:15:00 | 000,057,344 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe
PRC - [2008/09/16 13:15:00 | 000,053,248 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverrider.exe
PRC - [2008/09/05 01:00:00 | 002,117,216 | ---- | M] (Lavalys, Inc.) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
PRC - [2008/08/08 15:24:42 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/07/16 18:23:36 | 000,880,640 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe
PRC - [2008/06/18 06:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 20:12:43 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2008/04/13 20:12:32 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 18:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\GUI.exe
PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2007/09/26 19:05:58 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2007/01/30 01:39:34 | 001,432,064 | ---- | M] (Phoenix Labs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2006/10/26 14:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2005/02/17 08:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/08/02 10:07:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chang\My Documents\Antivirus\OTL.exe
MOD - [2008/09/16 13:15:00 | 000,045,056 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\Tools\RivaTunerStatisticsServer\RTSSHooks.dll
MOD - [2008/09/16 13:15:00 | 000,028,672 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
MOD - [2008/04/13 20:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/09/17 21:45:27 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/09/17 20:30:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/03 12:41:06 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/06/10 01:57:25 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/12/10 12:59:29 | 000,262,144 | ---- | M] (KALiNKOsoft) [Auto | Stopped] -- C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2008/08/08 15:24:42 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\TVicPort64.sys -- (TVicPort64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - [2010/07/31 23:00:33 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2010/07/31 22:59:49 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/02/18 15:44:19 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/01/22 05:50:59 | 010,276,992 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/12/08 02:30:32 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/10 05:53:48 | 000,341,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/06/10 01:57:26 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/05/19 01:28:49 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys -- (AODDriver)
DRV - [2009/04/08 14:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/06 20:29:55 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/11/06 20:29:55 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/11/06 19:51:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/09/16 13:15:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.11\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/09/05 01:00:00 | 000,023,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/30 22:21:08 | 000,079,960 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/07/24 06:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/07 03:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/22 16:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/01/30 01:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2006/11/10 09:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2005/04/04 12:36:52 | 000,009,887 | ---- | M] (Ken Kato) [Kernel | On_Demand | Stopped] -- C:\System\vfd\vfd.sys -- (VirtualFD)
DRV - [2005/03/30 12:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2004/08/09 07:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 07:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 10:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.tvguide.c...aspx&zip=20723"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.55
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.12
FF - prefs.js..extensions.enabledItems: [email protected]:0.10.2010040201
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.8.3
FF - prefs.js..extensions.enabledItems: {A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}:1.0.2
FF - prefs.js..extensions.enabledItems: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:1.4.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/01 07:53:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/01 07:53:06 | 000,000,000 | ---D | M]

[2008/11/03 10:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Extensions
[2010/08/01 23:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions
[2010/01/30 14:24:03 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/04/08 23:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2010/07/28 23:55:53 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/04/27 08:43:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/21 22:30:48 | 000,000,000 | ---D | M] (Context Search) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2010/02/21 04:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
[2010/07/28 23:55:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/23 20:43:51 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2010/04/27 08:43:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/27 08:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\[email protected]
[2010/07/28 23:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\[email protected]
[2010/04/08 23:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\[email protected]
[2010/07/31 12:56:02 | 000,002,603 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\gamefaqs.xml
[2010/07/31 12:56:02 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\google-maps.xml
[2010/07/31 12:56:02 | 000,002,580 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\imdb.xml
[2010/07/31 12:56:01 | 000,001,161 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\rateyourmusic.xml
[2010/07/31 12:56:02 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\rotten-tomatoes.xml
[2010/08/01 23:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [D3DOverrider] C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverrider.exe ()
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe (PreRun)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [RivaTuner] C:\Program Files\RivaTuner v2.11\RivaTuner.exe ()
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.11\RivaTuner.exe ()
O4 - HKLM..\Run: [RivaTunerStatisticsServer] C:\Program Files\RivaTuner v2.11\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe (Lavalys, Inc.)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187B Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\AWC (lower priority).lnk = C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\EVEREST Ultimate Edition.lnk = C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe (Lavalys, Inc.)
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe (VirtuaWin)
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\Vuze.lnk = C:\Program Files\Vuze\Azureus.exe (Vuze Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...5/uploader2.cab (UploadListView Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1225700775000 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1256048535375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\DOCUME~1\Chang\LOCALS~1\Temp\AutoWall.bmp
O24 - Desktop BackupWallPaper: C:\DOCUME~1\Chang\LOCALS~1\Temp\AutoWall.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\SYSTEM\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8d39d2b-b371-11dd-956b-0014d15410cd}\Shell - "" = AutoRun
O33 - MountPoints2\{d8d39d2b-b371-11dd-956b-0014d15410cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d8d39d2b-b371-11dd-956b-0014d15410cd}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/31 15:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\Application Data\Malwarebytes
[2010/07/31 15:19:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/31 15:19:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/31 15:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/31 15:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/31 15:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/31 15:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/31 15:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\My Documents\Antivirus
[2010/07/31 14:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\My Documents\Import
[2010/07/28 03:01:27 | 000,000,000 | ---D | C] -- C:\_Drop-Box
[2010/07/05 00:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\Desktop\Adobe
[2010/06/11 21:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema
[2010/06/05 02:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\My Documents\Adobe Scripts
[2010/06/03 23:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\Application Data\HDRsoft
[2010/06/03 23:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro3
[2010/05/20 22:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/05/20 22:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs

========== Files - Modified Within 90 Days ==========

[2010/08/02 10:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/08/02 09:14:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/02 02:14:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/02 02:05:22 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\defrag h.job
[2010/08/01 15:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/08/01 15:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/08/01 08:08:36 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\Chang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/31 23:00:33 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2010/07/31 23:00:33 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2010/07/31 23:00:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/31 22:59:53 | 000,267,212 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/31 22:59:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/31 22:59:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/31 15:19:00 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Chang\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/31 15:15:49 | 035,389,440 | -H-- | M] () -- C:\Documents and Settings\Chang\NTUSER.DAT
[2010/07/31 15:15:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chang\ntuser.ini
[2010/07/31 15:10:50 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
[2010/07/30 17:09:50 | 000,567,948 | -H-- | M] () -- C:\Documents and Settings\Chang\Local Settings\Application Data\IconCache.db
[2010/07/29 02:00:40 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\defrag d.job
[2010/07/28 02:00:31 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\defrag c.job
[2010/07/24 12:20:04 | 000,000,400 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/05 00:12:16 | 000,001,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.lnk
[2010/07/04 14:48:31 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/04 05:56:50 | 000,505,286 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/04 05:56:50 | 000,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/04 05:56:50 | 000,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/13 21:09:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/09 03:26:42 | 002,143,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/03 23:04:46 | 000,034,308 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2010/05/21 01:57:06 | 000,000,033 | ---- | M] () -- C:\WINDOWS\gen_nic.ini
[2010/05/20 03:10:50 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2010/07/31 15:19:00 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Chang\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/24 12:20:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/05 00:12:16 | 000,001,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.lnk
[2010/07/05 00:09:39 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/07/05 00:09:09 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/06/03 23:04:46 | 000,034,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2010/05/20 03:10:50 | 000,001,919 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/21 20:27:37 | 000,000,033 | ---- | C] () -- C:\WINDOWS\gen_nic.ini
[2010/01/02 17:49:55 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/01/02 17:46:37 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/30 21:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/06/06 19:01:10 | 009,838,080 | ---- | C] () -- C:\WINDOWS\System32\tlidenoise30.dll
[2009/05/31 14:19:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2008/12/10 12:37:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2008/12/10 12:37:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/12/10 12:37:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dxinputdll.dll
[2008/11/18 18:44:27 | 000,000,338 | ---- | C] () -- C:\WINDOWS\d3xp.ini
[2008/11/18 18:39:28 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2008/11/18 18:32:55 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/12 14:39:20 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/11/06 20:29:55 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/11/06 20:29:55 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/11/06 19:51:20 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/06 19:09:54 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2008/11/03 22:10:51 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/11/03 10:41:35 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/03 10:41:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/03 10:34:45 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/11/03 04:13:40 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2008/10/07 14:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/11/10 09:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys

========== LOP Check ==========

[2008/11/03 21:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/01/10 13:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2008/11/09 00:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BCR
[2010/06/04 19:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008/11/05 01:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2008/11/06 13:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2008/12/07 23:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2008/12/28 02:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2010/03/14 17:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/17 03:49:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2010/07/31 23:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Azureus
[2008/12/08 00:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Bioshock
[2010/02/10 17:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Braid
[2010/01/02 02:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Crayon Physics Deluxe
[2008/11/03 11:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\DAEMON Tools
[2008/12/15 20:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\fretsonfire
[2010/06/03 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\HDRsoft
[2008/12/10 12:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\KALiNKOsoft
[2009/12/01 01:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mp3tag
[2008/11/16 22:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\My Games
[2010/01/02 17:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\PrimoPDF
[2008/12/24 22:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Spore
[2008/11/13 22:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Switchball
[2008/11/27 02:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Thinstall
[2010/01/28 03:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\VirtuaWin
[2010/08/01 15:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/08/01 15:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/07/28 02:00:31 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\defrag c.job
[2010/07/29 02:00:40 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\defrag d.job
[2010/08/02 02:05:22 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\defrag h.job
[2010/08/02 10:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/24 20:42:04 | 000,000,440 | ---- | M] () -- C:\az.log
[2008/12/08 09:00:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/11/03 03:42:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/15 20:03:03 | 000,000,478 | ---- | M] () -- C:\LOG6.log
[2008/11/03 03:42:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 16:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/03 09:35:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/31 22:59:12 | 2147,483,648 | -HS- | M] () -- C:\pagefile.sys
[2010/03/15 17:08:46 | 000,000,241 | ---- | M] () -- C:\plugin.ini
[2008/11/03 04:03:05 | 000,000,429 | ---- | M] () -- C:\RHDSetup.log
[2010/07/28 00:38:20 | 000,030,104 | ---- | M] () -- C:\RootRepeal report 07-28-10 (00-38-20).txt
[2010/07/28 00:41:35 | 000,030,118 | ---- | M] () -- C:\RootRepeal report 07-28-10 (00-41-35).txt
[2010/07/31 23:00:19 | 000,000,128 | ---- | M] () -- C:\service.log

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/11/03 03:41:40 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2004/09/03 19:00:00 | 000,802,816 | ---- | M] (Sprout Games, LLC) -- C:\WINDOWS\FeedingFrenzy.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/11/02 22:27:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/11/02 22:27:05 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/11/02 22:27:05 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-24 16:20:18

========== Alternate Data Streams ==========

@Alternate Data Stream - 504 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:073341D1
@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation
< End of report >

Edited by johnnyz86, 02 August 2010 - 08:21 AM.

#5
johnnyz86

OTL Extras logfile created on: 8/2/2010 10:08:15 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Chang\My Documents\Antivirus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.00 Gb Total Space | 22.67 Gb Free Space | 35.42% Space Free | Partition Type: NTFS
Drive D: | 867.51 Gb Total Space | 425.55 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 698.63 Gb Total Space | 135.55 Gb Free Space | 19.40% Space Free | Partition Type: NTFS
Drive G: | 698.64 Gb Total Space | 157.87 Gb Free Space | 22.60% Space Free | Partition Type: NTFS
Drive H: | 698.63 Gb Total Space | 343.35 Gb Free Space | 49.15% Space Free | Partition Type: NTFS
Drive I: | 698.64 Gb Total Space | 229.36 Gb Free Space | 32.83% Space Free | Partition Type: NTFS

Computer Name: FROOM
Current User Name: Chang
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe" = C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe:*:Enabled:RunUpd -- (Gigabyte)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- File not found
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- File not found
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- File not found
"C:\Program Files\GIGABYTE\EnergySaver\UpdExe.exe" = C:\Program Files\GIGABYTE\EnergySaver\UpdExe.exe:*:Enabled:Exe File -- (GIGABYTE)
"C:\Program Files\GIGABYTE\EnergySaver\GBTUpd.exe" = C:\Program Files\GIGABYTE\EnergySaver\GBTUpd.exe:*:Enabled:GBTUpd.exe -- (GIGABYTE)
"D:\Program Files\Capcom\Bionic Commando Rearmed\bcr.exe" = D:\Program Files\Capcom\Bionic Commando Rearmed\bcr.exe:*:Enabled:Bionic Commando Rearmed -- ()
"D:\Games\GRID\GRID.exe" = D:\Games\GRID\GRID.exe:*:Disabled:GRID Executable -- (Codemasters)
"D:\Program Files\Electronic Arts\Dead Space\Dead Space.exe" = D:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™ -- ()
"D:\Program Files\Steam\steamapps\jingsu\counter-strike source\hl2.exe" = D:\Program Files\Steam\steamapps\jingsu\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"D:\Program Files\Steam\steamapps\jingsu\team fortress 2\hl2.exe" = D:\Program Files\Steam\steamapps\jingsu\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"D:\Games\Multiwinia Survival Of The Flattest\multiwinia.exe" = D:\Games\Multiwinia Survival Of The Flattest\multiwinia.exe:*:Enabled:Multiwinia -- (Introversion *UNL2K8*)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"D:\Program Files\Sierra\FEAR\FEAR.exe" = D:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- File not found
"D:\Program Files\Sierra\FEAR\FEARMP.exe" = D:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"D:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe" = D:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe:*:Enabled:FEARXP -- (Monolith Productions, Inc.)
"D:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe" = D:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe:*:Enabled:FEARXP2 -- (TimeGate Studios, Inc.)
"D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()
"D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe" = D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"D:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = D:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"D:\Games\Worms Armageddon - New Edition\WA.exe" = D:\Games\Worms Armageddon - New Edition\WA.exe:*:Enabled:Worms Armageddon -- (Team17 Software Ltd)
"D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"D:\Games\Mass Effect\Binaries\MassEffect.exe" = D:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"D:\Games\Mass Effect\MassEffectLauncher.exe" = D:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe" = C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe" = D:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme -- ()
"C:\Documents and Settings\Chang\Local Settings\Temp\Rar$EX00.859\SteamStats.exe" = C:\Documents and Settings\Chang\Local Settings\Temp\Rar$EX00.859\SteamStats.exe:*:Enabled:SteamStats -- File not found
"C:\Downloads\Games\SteamStats\SteamStats.exe" = C:\Downloads\Games\SteamStats\SteamStats.exe:*:Enabled:SteamStats -- File not found
"D:\Games\BTrix100\blocktrix.exe" = D:\Games\BTrix100\blocktrix.exe:*:Enabled:blocktrix -- ()
"C:\Program Files\GIGABYTE\GBTUpd\GBTUpd.exe" = C:\Program Files\GIGABYTE\GBTUpd\GBTUpd.exe:*:Enabled:GBTUpd.exe -- (GIGABYTE)
"D:\Program Files\Steam\steamapps\common\ghost master\ghost.exe" = D:\Program Files\Steam\steamapps\common\ghost master\ghost.exe:*:Enabled:Ghost Master -- (Empire Interactive)
"D:\Program Files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe" = D:\Program Files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:*:Enabled:Evil Genius -- ()
"D:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe" = D:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA -- (EA Digital Illusions CE AB)
"D:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe" = D:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe:*:Enabled:EA Battlefield: Bad Company™ 2 - BETA -- (EA Digital Illusions CE AB)
"D:\Program Files\Celeris\Virtual Pool 3 DL\vp3.exe" = D:\Program Files\Celeris\Virtual Pool 3 DL\vp3.exe:*:Enabled:Virtual Pool 3 DL -- (Celeris Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0280F0D8-1542-4DAA-913C-8529E2A3835D}" = The Longest Journey
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{30433BBA-5358-4B41-817E-E694092DC178}" = Crazy Machines II
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0908.1
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0905.1
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{57FC4A5A-D05C-EFAD-89E8-1B4131B4C725}" = Switchball
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor
"{79208609-FD44-4865-AE2B-784FDF31212C}_is1" = GameHouse Super Games AIO®
"{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}" = Virtual Pool 3 DL
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0905.1
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8D0BB1D1-E9FB-49E9-A9C1-09C00F38DA0C}" = FEAR Perseus Mandate
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187B Wireless LAN Driver and Utility
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC67770B-581D-4E96-B72A-A7907CE18725}" = Colin McRae Rally 2005
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{d40af016-506c-43fb-a738-bd54fa8c1e85}" = Python 3.1.2
"{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}" = Battlefield Bad Company 2 - BETA
"{D751B34C-058F-42EF-BE95-14EBB0D2C585}" = Dreamfall
"{DB219559-1F78-4343-9A6E-C2E987AD47A3}" = Bionic Commando Rearmed
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1" = King's Bounty. The Legend (Remove Only)
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F20AE04A-3FDC-4A14-A90B-85DEE2812030}" = Sam & Max Season 1
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909}" = Doom 3
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FED34B00-1DA2-4F4C-A3EC-A5F5893F5D86}" = Float32 2.0
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Armadillo Run_is1" = Armadillo Run 1.0.3
"ASIO4ALL" = ASIO4ALL
"ATITool" = ATITool Overclocking Utility
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Classic Doom 3" = Classic Doom 3 1.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"Crazy Machines1.074" = Crazy Machines
"Darkstar One_is1" = Darkstar One
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Focus Magic" = Focus Magic
"Fraps" = Fraps
"Freelancer 1.0" = Freelancer
"Future Pinball_is1" = Future Pinball
"Galactic Civilizations II" = Galactic Civilizations II
"Galactic Civilizations II - Gold Edition" = Galactic Civilizations II - Gold Edition
"Gish" = Gish
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"Hamsterball_is1" = Hamsterball
"Heroes of Might and Magic IV" = Heroes of Might and Magic® IV: Winds of War
"Hugin_is1" = Hugin 0.7.0 (SVN 3465)
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.6.0 Q16_is1" = ImageMagick 6.6.0-5 Q16 (2010-03-15)
"InstallShield_{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0908.1
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0905.1
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IrfanView" = IrfanView (remove only)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2007b" = MATLAB R2007b
"MemSet_is1" = MemSet 3.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.45a
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Orb" = Winamp Remote
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.5.0
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.7
"PhysX FluidMark_is1" = PhysX FluidMark v1.0.0
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"Precision" = EVGA Precision 1.3.3
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"PunkBusterSvc" = PunkBuster Services
"ReClock" = ReClock (remove only)
"RivaTuner" = RivaTuner v2.11
"rm3d1.0_is1" = Rolling Madness 3D v1.0
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006]
"Sins of a Solar Empire" = Sins of a Solar Empire
"Stardock Central" = Stardock Central
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 26800" = Braid
"Steam App 300" = Day of Defeat: Source
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3483" = Peggle Extreme
"Steam App 3720" = Evil Genius
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 6200" = Ghost Master
"Steve Murphy's Automatic Wallpaper Changer_is1" = AWC V3.0.7
"The Suffering" = The Suffering (remove only)
"VirtuaWin_is1" = VirtuaWin v4.1
"VLC media player" = VLC media player 0.9.8a
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Worms Armageddon - New Edition" = Worms Armageddon - New Edition
"X3 Bonus Package_is1" = X3 Bonus Package 3.1.07
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Jago" = Jago
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2010 7:12:05 PM | Computer Name = FROOM | Source = Google Update | ID = 20
Description =

Error - 6/11/2010 8:12:05 PM | Computer Name = FROOM | Source = Google Update | ID = 20
Description =

Error - 6/11/2010 9:12:05 PM | Computer Name = FROOM | Source = Google Update | ID = 20
Description =

Error - 7/4/2010 5:05:54 AM | Computer Name = FROOM | Source = Google Update | ID = 20
Description =

Error - 7/5/2010 12:51:24 PM | Computer Name = FROOM | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 7/16/2010 9:56:19 PM | Computer Name = FROOM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/16/2010 9:56:20 PM | Computer Name = FROOM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/31/2010 5:06:11 PM | Computer Name = FROOM | Source = Application Error | ID = 1000
Description = Faulting application pg2.exe, version 1.0.6.5, faulting module pg2.exe,
version 1.0.6.5, fault address 0x000608a5.

Error - 8/1/2010 10:27:38 PM | Computer Name = FROOM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0181c701.

Error - 8/1/2010 10:27:51 PM | Computer Name = FROOM | Source = Application Error | ID = 1001
Description = Fault bucket 1290553050.

[ System Events ]
Error - 7/31/2010 10:29:31 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.

Error - 7/31/2010 10:29:32 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.

Error - 7/31/2010 10:29:38 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.

Error - 7/31/2010 10:30:21 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.

Error - 7/31/2010 10:30:23 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.

Error - 7/31/2010 10:31:27 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.

Error - 7/31/2010 11:00:18 PM | Computer Name = FROOM | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/1/2010 12:46:57 AM | Computer Name = FROOM | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 8/1/2010 3:00:00 PM | Computer Name = FROOM | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402

Error - 8/1/2010 3:00:00 PM | Computer Name = FROOM | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error: %%2147942402


< End of report >

Edited by johnnyz86, 02 August 2010 - 08:26 AM.


#6
johnnyz86

Any other information needed?

Edited by johnnyz86, 02 August 2010 - 06:12 PM.


#7
johnnyz86

Still looking for help.