Rootkit help
Started by johnnyz86, Aug 02 2010 08:15 AM
#1
Posted 02 August 2010 - 08:15 AM
In my reply, I will paste the logs. Thanks for looking!
#2
Posted 02 August 2010 - 08:16 AM
MBAM Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4375
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
7/31/2010 4:18:14 PM
mbam-log-2010-07-31 (16-18-14).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 589444
Time elapsed: 48 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
D:\My Transfers\bt\Fun\Heroes of Might and Magic V - Collectors Edition + Hammers Of Fate + Tribes Of The East (EdenGotterrCyan)\Heroes of Might and Magic V - Collectors Edition (EdenGotterrCyan)\Utility - Trainer\asx-homm5 - trainer.exe (Malware.Packer) -> No action taken.
D:\Program Files\Darkstar One\Voyager.dll (Trojan.FakeAlert) -> No action taken.
#3
Posted 02 August 2010 - 08:16 AM
GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-31 22:38:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Chang\LOCALS~1\Temp\fxldypod.sys
---- System - GMER 1.0.15 ----
SSDT B8706D4E ZwCreateKey
SSDT B8706D44 ZwCreateThread
SSDT B8706D53 ZwDeleteKey
SSDT B8706D5D ZwDeleteValueKey
SSDT spht.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT spht.sys ZwEnumerateValueKey [0xB7EC7030]
SSDT B8706D62 ZwLoadKey
SSDT spht.sys ZwOpenKey [0xB7EA80C0]
SSDT B8706D30 ZwOpenProcess
SSDT B8706D35 ZwOpenThread
SSDT spht.sys ZwQueryKey [0xB7EC7108]
SSDT spht.sys ZwQueryValueKey [0xB7EC6F88]
SSDT B8706D6C ZwReplaceKey
SSDT B8706D67 ZwRestoreKey
SSDT B8706D58 ZwSetValueKey
SSDT B8706D3F ZwTerminateProcess
INT 0x63 ? 899B4BF8
INT 0x73 ? 8A5D0BF8
INT 0x73 ? 8A5D3BF8
INT 0x73 ? 899B4BF8
INT 0x73 ? 8A5D0BF8
INT 0x83 ? 8A55EBF8
INT 0x83 ? 8A55EBF8
INT 0x83 ? 899B4BF8
INT 0x83 ? 8A55EBF8
INT 0x94 ? 899B4BF8
INT 0xB4 ? 899B4BF8
INT 0xB4 ? 899B4BF8
INT 0xB4 ? 899B4BF8
INT 0xB4 ? 899B4BF8
---- Kernel code sections - GMER 1.0.15 ----
? spht.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB70A2380, 0x550AF5, 0xE8000020]
.text USBPORT.SYS!DllUnload B70828AC 5 Bytes JMP 899B41D8
.text anyiz8uw.SYS B6FA6384 1 Byte [20]
.text anyiz8uw.SYS B6FA6384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text anyiz8uw.SYS B6FA63AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text anyiz8uw.SYS B6FA63C4 3 Bytes [00, 00, 00]
.text anyiz8uw.SYS B6FA63C9 1 Byte [00]
.text ...
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB2EEF300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8490300, 0x1BCE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe[692] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED1FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe[692] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED2020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\GIGABYTE\ET6\GUI.exe[952] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02091FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\GIGABYTE\ET6\GUI.exe[952] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02092020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01281FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[1276] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01282020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\RivaTuner v2.11\RivaTuner.exe[1680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\RivaTuner v2.11\RivaTuner.exe[1680] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10002020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003F1FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003F2020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B71FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B72020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe[2484] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe[2484] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10002020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[2768] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\VirtuaWin\VirtuaWin.exe[2768] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10002020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\VirtuaWin\modules\WinList.exe[2908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Program Files\VirtuaWin\modules\WinList.exe[2908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10002020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Documents and Settings\Chang\My Documents\Antivirus\gmer.exe[3232] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text C:\Documents and Settings\Chang\My Documents\Antivirus\gmer.exe[3232] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10002020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text c:\program files\avira\antivir desktop\avcenter.exe[3904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA1FB0 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
.text c:\program files\avira\antivir desktop\avcenter.exe[3904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA2020 C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A55C1F8
Device \Driver\usbuhci \Device\USBPDO-0 899EA1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5D11F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5D11F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5D11F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5D11F8
Device \Driver\usbuhci \Device\USBPDO-1 899EA1F8
Device \Driver\usbuhci \Device\USBPDO-2 899EA1F8
Device \Driver\usbehci \Device\USBPDO-3 89A081F8
Device \Driver\usbuhci \Device\USBPDO-4 899EA1F8
Device \Driver\usbuhci \Device\USBPDO-5 899EA1F8
Device \Driver\prodrv06 \Device\ProDrv06 E19D7A18
Device \Driver\usbuhci \Device\USBPDO-6 899EA1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A55F1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)
Device \Driver\usbehci \Device\USBPDO-7 89A081F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A55F1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)
Device \Driver\Cdrom \Device\CdRom0 899ED1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A55F1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)
Device \Driver\Cdrom \Device\CdRom1 899ED1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [B7D63360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\iaStor0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 [B7DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [B7DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B7D63360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [B7D63360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-2 [B7D63360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-3 [B7D63360] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A55F1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)
Device \Driver\Ftdisk \Device\HarddiskVolume5 8A55F1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)
Device \Driver\Ftdisk \Device\HarddiskVolume6 8A55F1F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)
Device \Driver\prohlp02 \Device\ProHlp02 E1012DC8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9AD0EBF1-581B-48ED-9879-FFBFB6209195} 8947D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8947D1F8
Device \Driver\NetBT \Device\NetbiosSmb 8947D1F8
Device \Driver\PCI_PNP1470 \Device\0000005a spht.sys
Device \Driver\usbuhci \Device\USBFDO-0 899EA1F8
Device \Driver\usbuhci \Device\USBFDO-1 899EA1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 893F01F8
Device \Driver\usbuhci \Device\USBFDO-2 899EA1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 893F01F8
Device \Driver\usbehci \Device\USBFDO-3 89A081F8
Device \Driver\usbuhci \Device\USBFDO-4 899EA1F8
Device \Driver\Ftdisk \Device\FtControl 8A55F1F8
Device \Driver\usbuhci \Device\USBFDO-5 899EA1F8
Device \Driver\usbuhci \Device\USBFDO-6 899EA1F8
Device \Driver\sptd \Device\4012591470 spht.sys
Device \Driver\usbehci \Device\USBFDO-7 89A081F8
Device \Driver\anyiz8uw \Device\Scsi\anyiz8uw1Port4Path0Target0Lun0 899D01F8
Device \Driver\JRAID \Device\Scsi\JRAID1 8A55D1F8
Device \Driver\JRAID \Device\Scsi\JRAID1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\anyiz8uw \Device\Scsi\anyiz8uw1 899D01F8
Device \FileSystem\Cdfs \Cdfs 8947F1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a386
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a386@0016414ae3b9 0x07 0x35 0xA5 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x5B 0x3D 0x85 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3A 0xDB 0xE4 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBC 0x42 0xD3 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD2 0xC8 0x80 0x19 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a386 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158315a386@0016414ae3b9 0x07 0x35 0xA5 0x49 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0x5B 0x3D 0x85 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3A 0xDB 0xE4 0x09 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBC 0x42 0xD3 0x99 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD2 0xC8 0x80 0x19 ...
---- EOF - GMER 1.0.15 ----
#4
Posted 02 August 2010 - 08:17 AM
OTL Log:
OTL logfile created on: 8/2/2010 10:08:15 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Chang\My Documents\Antivirus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.00 Gb Total Space | 22.67 Gb Free Space | 35.42% Space Free | Partition Type: NTFS
Drive D: | 867.51 Gb Total Space | 425.55 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 698.63 Gb Total Space | 135.55 Gb Free Space | 19.40% Space Free | Partition Type: NTFS
Drive G: | 698.64 Gb Total Space | 157.87 Gb Free Space | 22.60% Space Free | Partition Type: NTFS
Drive H: | 698.63 Gb Total Space | 343.35 Gb Free Space | 49.15% Space Free | Partition Type: NTFS
Drive I: | 698.64 Gb Total Space | 229.36 Gb Free Space | 32.83% Space Free | Partition Type: NTFS
Computer Name: FROOM
Current User Name: Chang
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/02 10:07:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chang\My Documents\Antivirus\OTL.exe
PRC - [2010/08/01 07:53:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/15 02:09:46 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/03/17 17:39:42 | 000,659,456 | ---- | M] (IDEVFH L.L.C.) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
PRC - [2009/09/17 21:45:27 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/09/10 19:21:00 | 000,126,464 | ---- | M] (VirtuaWin) -- C:\Program Files\VirtuaWin\VirtuaWin.exe
PRC - [2009/09/10 19:21:00 | 000,014,848 | ---- | M] () -- C:\Program Files\VirtuaWin\modules\WinList.exe
PRC - [2009/06/10 01:57:25 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/09/16 13:15:00 | 002,715,648 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\RivaTuner.exe
PRC - [2008/09/16 13:15:00 | 000,057,344 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe
PRC - [2008/09/16 13:15:00 | 000,053,248 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverrider.exe
PRC - [2008/09/05 01:00:00 | 002,117,216 | ---- | M] (Lavalys, Inc.) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
PRC - [2008/08/08 15:24:42 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/07/16 18:23:36 | 000,880,640 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe
PRC - [2008/06/18 06:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 20:12:43 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2008/04/13 20:12:32 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 18:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\GUI.exe
PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2007/09/26 19:05:58 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2007/01/30 01:39:34 | 001,432,064 | ---- | M] (Phoenix Labs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2006/10/26 14:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2005/02/17 08:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
========== Modules (SafeList) ==========
MOD - [2010/08/02 10:07:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chang\My Documents\Antivirus\OTL.exe
MOD - [2008/09/16 13:15:00 | 000,045,056 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\Tools\RivaTunerStatisticsServer\RTSSHooks.dll
MOD - [2008/09/16 13:15:00 | 000,028,672 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
MOD - [2008/04/13 20:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2009/09/17 21:45:27 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/09/17 20:30:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/03 12:41:06 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/06/10 01:57:25 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/12/10 12:59:29 | 000,262,144 | ---- | M] (KALiNKOsoft) [Auto | Stopped] -- C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2008/08/08 15:24:42 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\TVicPort64.sys -- (TVicPort64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - [2010/07/31 23:00:33 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2010/07/31 22:59:49 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/02/18 15:44:19 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/01/22 05:50:59 | 010,276,992 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/12/08 02:30:32 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/10 05:53:48 | 000,341,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/06/10 01:57:26 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/05/19 01:28:49 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys -- (AODDriver)
DRV - [2009/04/08 14:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/06 20:29:55 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/11/06 20:29:55 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/11/06 19:51:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/09/16 13:15:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.11\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/09/05 01:00:00 | 000,023,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/30 22:21:08 | 000,079,960 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/07/24 06:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/07 03:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/22 16:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/01/30 01:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2006/11/10 09:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2005/04/04 12:36:52 | 000,009,887 | ---- | M] (Ken Kato) [Kernel | On_Demand | Stopped] -- C:\System\vfd\vfd.sys -- (VirtualFD)
DRV - [2005/03/30 12:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2004/08/09 07:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 07:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 10:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.tvguide.c...aspx&zip=20723"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.55
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.12
FF - prefs.js..extensions.enabledItems: [email protected]:0.10.2010040201
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.8.3
FF - prefs.js..extensions.enabledItems: {A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}:1.0.2
FF - prefs.js..extensions.enabledItems: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:1.4.5
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/01 07:53:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/01 07:53:06 | 000,000,000 | ---D | M]
[2008/11/03 10:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Extensions
[2010/08/01 23:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions
[2010/01/30 14:24:03 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/04/08 23:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2010/07/28 23:55:53 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/04/27 08:43:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/21 22:30:48 | 000,000,000 | ---D | M] (Context Search) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2010/02/21 04:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
[2010/07/28 23:55:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/23 20:43:51 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2010/04/27 08:43:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/27 08:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\[email protected]
[2010/07/28 23:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\[email protected]
[2010/04/08 23:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\[email protected]
[2010/07/31 12:56:02 | 000,002,603 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\gamefaqs.xml
[2010/07/31 12:56:02 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\google-maps.xml
[2010/07/31 12:56:02 | 000,002,580 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\imdb.xml
[2010/07/31 12:56:01 | 000,001,161 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\rateyourmusic.xml
[2010/07/31 12:56:02 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\rotten-tomatoes.xml
[2010/08/01 23:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [D3DOverrider] C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverrider.exe ()
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe (PreRun)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [RivaTuner] C:\Program Files\RivaTuner v2.11\RivaTuner.exe ()
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.11\RivaTuner.exe ()
O4 - HKLM..\Run: [RivaTunerStatisticsServer] C:\Program Files\RivaTuner v2.11\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe (Lavalys, Inc.)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187B Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\AWC (lower priority).lnk = C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\EVEREST Ultimate Edition.lnk = C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe (Lavalys, Inc.)
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe (VirtuaWin)
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\Vuze.lnk = C:\Program Files\Vuze\Azureus.exe (Vuze Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...5/uploader2.cab (UploadListView Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1225700775000 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1256048535375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\DOCUME~1\Chang\LOCALS~1\Temp\AutoWall.bmp
O24 - Desktop BackupWallPaper: C:\DOCUME~1\Chang\LOCALS~1\Temp\AutoWall.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\SYSTEM\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8d39d2b-b371-11dd-956b-0014d15410cd}\Shell - "" = AutoRun
O33 - MountPoints2\{d8d39d2b-b371-11dd-956b-0014d15410cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d8d39d2b-b371-11dd-956b-0014d15410cd}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/07/31 15:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\Application Data\Malwarebytes
[2010/07/31 15:19:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/31 15:19:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/31 15:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/31 15:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/31 15:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/31 15:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/31 15:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\My Documents\Antivirus
[2010/07/31 14:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\My Documents\Import
[2010/07/28 03:01:27 | 000,000,000 | ---D | C] -- C:\_Drop-Box
[2010/07/05 00:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\Desktop\Adobe
[2010/06/11 21:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema
[2010/06/05 02:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\My Documents\Adobe Scripts
[2010/06/03 23:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\Application Data\HDRsoft
[2010/06/03 23:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro3
[2010/05/20 22:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/05/20 22:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
========== Files - Modified Within 90 Days ==========
[2010/08/02 10:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/08/02 09:14:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/02 02:14:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/02 02:05:22 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\defrag h.job
[2010/08/01 15:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/08/01 15:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/08/01 08:08:36 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\Chang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/31 23:00:33 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2010/07/31 23:00:33 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2010/07/31 23:00:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/31 22:59:53 | 000,267,212 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/31 22:59:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/31 22:59:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/31 15:19:00 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Chang\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/31 15:15:49 | 035,389,440 | -H-- | M] () -- C:\Documents and Settings\Chang\NTUSER.DAT
[2010/07/31 15:15:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chang\ntuser.ini
[2010/07/31 15:10:50 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
[2010/07/30 17:09:50 | 000,567,948 | -H-- | M] () -- C:\Documents and Settings\Chang\Local Settings\Application Data\IconCache.db
[2010/07/29 02:00:40 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\defrag d.job
[2010/07/28 02:00:31 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\defrag c.job
[2010/07/24 12:20:04 | 000,000,400 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/05 00:12:16 | 000,001,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.lnk
[2010/07/04 14:48:31 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/04 05:56:50 | 000,505,286 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/04 05:56:50 | 000,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/04 05:56:50 | 000,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/13 21:09:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/09 03:26:42 | 002,143,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/03 23:04:46 | 000,034,308 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2010/05/21 01:57:06 | 000,000,033 | ---- | M] () -- C:\WINDOWS\gen_nic.ini
[2010/05/20 03:10:50 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
========== Files Created - No Company Name ==========
[2010/07/31 15:19:00 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Chang\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/24 12:20:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/05 00:12:16 | 000,001,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.lnk
[2010/07/05 00:09:39 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/07/05 00:09:09 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/06/03 23:04:46 | 000,034,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2010/05/20 03:10:50 | 000,001,919 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/21 20:27:37 | 000,000,033 | ---- | C] () -- C:\WINDOWS\gen_nic.ini
[2010/01/02 17:49:55 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/01/02 17:46:37 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/30 21:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/06/06 19:01:10 | 009,838,080 | ---- | C] () -- C:\WINDOWS\System32\tlidenoise30.dll
[2009/05/31 14:19:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2008/12/10 12:37:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2008/12/10 12:37:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/12/10 12:37:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dxinputdll.dll
[2008/11/18 18:44:27 | 000,000,338 | ---- | C] () -- C:\WINDOWS\d3xp.ini
[2008/11/18 18:39:28 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2008/11/18 18:32:55 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/12 14:39:20 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/11/06 20:29:55 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/11/06 20:29:55 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/11/06 19:51:20 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/06 19:09:54 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2008/11/03 22:10:51 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/11/03 10:41:35 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/03 10:41:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/03 10:34:45 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/11/03 04:13:40 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2008/10/07 14:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/11/10 09:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
========== LOP Check ==========
[2008/11/03 21:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/01/10 13:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2008/11/09 00:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BCR
[2010/06/04 19:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008/11/05 01:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2008/11/06 13:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2008/12/07 23:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2008/12/28 02:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2010/03/14 17:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/17 03:49:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2010/07/31 23:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Azureus
[2008/12/08 00:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Bioshock
[2010/02/10 17:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Braid
[2010/01/02 02:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Crayon Physics Deluxe
[2008/11/03 11:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\DAEMON Tools
[2008/12/15 20:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\fretsonfire
[2010/06/03 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\HDRsoft
[2008/12/10 12:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\KALiNKOsoft
[2009/12/01 01:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mp3tag
[2008/11/16 22:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\My Games
[2010/01/02 17:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\PrimoPDF
[2008/12/24 22:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Spore
[2008/11/13 22:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Switchball
[2008/11/27 02:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Thinstall
[2010/01/28 03:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\VirtuaWin
[2010/08/01 15:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/08/01 15:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/07/28 02:00:31 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\defrag c.job
[2010/07/29 02:00:40 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\defrag d.job
[2010/08/02 02:05:22 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\defrag h.job
[2010/08/02 10:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/02/24 20:42:04 | 000,000,440 | ---- | M] () -- C:\az.log
[2008/12/08 09:00:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/11/03 03:42:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/15 20:03:03 | 000,000,478 | ---- | M] () -- C:\LOG6.log
[2008/11/03 03:42:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 16:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/03 09:35:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/31 22:59:12 | 2147,483,648 | -HS- | M] () -- C:\pagefile.sys
[2010/03/15 17:08:46 | 000,000,241 | ---- | M] () -- C:\plugin.ini
[2008/11/03 04:03:05 | 000,000,429 | ---- | M] () -- C:\RHDSetup.log
[2010/07/28 00:38:20 | 000,030,104 | ---- | M] () -- C:\RootRepeal report 07-28-10 (00-38-20).txt
[2010/07/28 00:41:35 | 000,030,118 | ---- | M] () -- C:\RootRepeal report 07-28-10 (00-41-35).txt
[2010/07/31 23:00:19 | 000,000,128 | ---- | M] () -- C:\service.log
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2008/11/03 03:41:40 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2004/09/03 19:00:00 | 000,802,816 | ---- | M] (Sprout Games, LLC) -- C:\WINDOWS\FeedingFrenzy.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/11/02 22:27:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/11/02 22:27:05 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/11/02 22:27:05 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-24 16:20:18
========== Alternate Data Streams ==========
@Alternate Data Stream - 504 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:073341D1
@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation
< End of report >
OTL logfile created on: 8/2/2010 10:08:15 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Chang\My Documents\Antivirus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.00 Gb Total Space | 22.67 Gb Free Space | 35.42% Space Free | Partition Type: NTFS
Drive D: | 867.51 Gb Total Space | 425.55 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 698.63 Gb Total Space | 135.55 Gb Free Space | 19.40% Space Free | Partition Type: NTFS
Drive G: | 698.64 Gb Total Space | 157.87 Gb Free Space | 22.60% Space Free | Partition Type: NTFS
Drive H: | 698.63 Gb Total Space | 343.35 Gb Free Space | 49.15% Space Free | Partition Type: NTFS
Drive I: | 698.64 Gb Total Space | 229.36 Gb Free Space | 32.83% Space Free | Partition Type: NTFS
Computer Name: FROOM
Current User Name: Chang
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/02 10:07:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chang\My Documents\Antivirus\OTL.exe
PRC - [2010/08/01 07:53:00 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/15 02:09:46 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/03/17 17:39:42 | 000,659,456 | ---- | M] (IDEVFH L.L.C.) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
PRC - [2009/09/17 21:45:27 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/09/10 19:21:00 | 000,126,464 | ---- | M] (VirtuaWin) -- C:\Program Files\VirtuaWin\VirtuaWin.exe
PRC - [2009/09/10 19:21:00 | 000,014,848 | ---- | M] () -- C:\Program Files\VirtuaWin\modules\WinList.exe
PRC - [2009/06/10 01:57:25 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/09/16 13:15:00 | 002,715,648 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\RivaTuner.exe
PRC - [2008/09/16 13:15:00 | 000,057,344 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe
PRC - [2008/09/16 13:15:00 | 000,053,248 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverrider.exe
PRC - [2008/09/05 01:00:00 | 002,117,216 | ---- | M] (Lavalys, Inc.) -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
PRC - [2008/08/08 15:24:42 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/07/16 18:23:36 | 000,880,640 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe
PRC - [2008/06/18 06:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 20:12:43 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logon.scr
PRC - [2008/04/13 20:12:32 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdpclip.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 18:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files\GIGABYTE\ET6\GUI.exe
PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2007/09/26 19:05:58 | 000,734,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2007/01/30 01:39:34 | 001,432,064 | ---- | M] (Phoenix Labs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2006/10/26 14:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2005/02/17 08:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
========== Modules (SafeList) ==========
MOD - [2010/08/02 10:07:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chang\My Documents\Antivirus\OTL.exe
MOD - [2008/09/16 13:15:00 | 000,045,056 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\Tools\RivaTunerStatisticsServer\RTSSHooks.dll
MOD - [2008/09/16 13:15:00 | 000,028,672 | ---- | M] () -- C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverriderHooks.dll
MOD - [2008/04/13 20:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2009/09/17 21:45:27 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/09/17 20:30:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/03 12:41:06 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/06/10 01:57:25 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/12/10 12:59:29 | 000,262,144 | ---- | M] (KALiNKOsoft) [Auto | Stopped] -- C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2008/08/08 15:24:42 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\TVicPort64.sys -- (TVicPort64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - [2010/07/31 23:00:33 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2010/07/31 22:59:49 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/02/18 15:44:19 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/01/22 05:50:59 | 010,276,992 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/12/08 02:30:32 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/10 05:53:48 | 000,341,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/06/10 01:57:26 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/05/19 01:28:49 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys -- (AODDriver)
DRV - [2009/04/08 14:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/06 20:29:55 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/11/06 20:29:55 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/11/06 19:51:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/09/16 13:15:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.11\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/09/05 01:00:00 | 000,023,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/30 22:21:08 | 000,079,960 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/07/24 06:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/07 03:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/22 16:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/01/30 01:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2006/11/10 09:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2005/10/21 08:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2005/04/04 12:36:52 | 000,009,887 | ---- | M] (Ken Kato) [Kernel | On_Demand | Stopped] -- C:\System\vfd\vfd.sys -- (VirtualFD)
DRV - [2005/03/30 12:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2004/08/09 07:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 07:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 10:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.tvguide.c...aspx&zip=20723"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.55
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.5.12
FF - prefs.js..extensions.enabledItems: [email protected]:0.10.2010040201
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.8.3
FF - prefs.js..extensions.enabledItems: {A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}:1.0.2
FF - prefs.js..extensions.enabledItems: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:1.4.5
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/01 07:53:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/01 07:53:06 | 000,000,000 | ---D | M]
[2008/11/03 10:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Extensions
[2010/08/01 23:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions
[2010/01/30 14:24:03 | 000,000,000 | ---D | M] (Resurrect Pages) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/04/08 23:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2010/07/28 23:55:53 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/04/27 08:43:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/21 22:30:48 | 000,000,000 | ---D | M] (Context Search) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2010/02/21 04:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}
[2010/07/28 23:55:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/23 20:43:51 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2010/04/27 08:43:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/04/27 08:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\[email protected]
[2010/07/28 23:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\[email protected]
[2010/04/08 23:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\extensions\[email protected]
[2010/07/31 12:56:02 | 000,002,603 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\gamefaqs.xml
[2010/07/31 12:56:02 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\google-maps.xml
[2010/07/31 12:56:02 | 000,002,580 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\imdb.xml
[2010/07/31 12:56:01 | 000,001,161 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\rateyourmusic.xml
[2010/07/31 12:56:02 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Chang\Application Data\Mozilla\Firefox\Profiles\njaivx3w.default\searchplugins\rotten-tomatoes.xml
[2010/08/01 23:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [D3DOverrider] C:\Program Files\RivaTuner v2.11\Tools\D3DOverrider\D3DOverrider.exe ()
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [GBTUpd] C:\Program Files\GIGABYTE\GBTUpd\PreRun.exe (PreRun)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [RivaTuner] C:\Program Files\RivaTuner v2.11\RivaTuner.exe ()
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.11\RivaTuner.exe ()
O4 - HKLM..\Run: [RivaTunerStatisticsServer] C:\Program Files\RivaTuner v2.11\Tools\RivaTunerStatisticsServer\RivaTunerStatisticsServer.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe (Lavalys, Inc.)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187B Wireless LAN Utility.lnk = C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\AWC (lower priority).lnk = C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\EVEREST Ultimate Edition.lnk = C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe (Lavalys, Inc.)
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\VirtuaWin.lnk = C:\Program Files\VirtuaWin\VirtuaWin.exe (VirtuaWin)
O4 - Startup: C:\Documents and Settings\Chang\Start Menu\Programs\Startup\Vuze.lnk = C:\Program Files\Vuze\Azureus.exe (Vuze Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...5/uploader2.cab (UploadListView Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1225700775000 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1256048535375 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\DOCUME~1\Chang\LOCALS~1\Temp\AutoWall.bmp
O24 - Desktop BackupWallPaper: C:\DOCUME~1\Chang\LOCALS~1\Temp\AutoWall.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\SYSTEM\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8d39d2b-b371-11dd-956b-0014d15410cd}\Shell - "" = AutoRun
O33 - MountPoints2\{d8d39d2b-b371-11dd-956b-0014d15410cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d8d39d2b-b371-11dd-956b-0014d15410cd}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/07/31 15:19:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\Application Data\Malwarebytes
[2010/07/31 15:19:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/31 15:19:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/31 15:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/31 15:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/31 15:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/31 15:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/31 15:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\My Documents\Antivirus
[2010/07/31 14:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\My Documents\Import
[2010/07/28 03:01:27 | 000,000,000 | ---D | C] -- C:\_Drop-Box
[2010/07/05 00:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\Desktop\Adobe
[2010/06/11 21:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema
[2010/06/05 02:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\My Documents\Adobe Scripts
[2010/06/03 23:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chang\Application Data\HDRsoft
[2010/06/03 23:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro3
[2010/05/20 22:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/05/20 22:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
========== Files - Modified Within 90 Days ==========
[2010/08/02 10:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/08/02 09:14:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/02 02:14:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/02 02:05:22 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\defrag h.job
[2010/08/01 15:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/08/01 15:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/08/01 08:08:36 | 000,108,032 | ---- | M] () -- C:\Documents and Settings\Chang\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/31 23:00:33 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2010/07/31 23:00:33 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2010/07/31 23:00:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/31 22:59:53 | 000,267,212 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/31 22:59:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/31 22:59:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/31 15:19:00 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Chang\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/31 15:15:49 | 035,389,440 | -H-- | M] () -- C:\Documents and Settings\Chang\NTUSER.DAT
[2010/07/31 15:15:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Chang\ntuser.ini
[2010/07/31 15:10:50 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\zlib.dll
[2010/07/30 17:09:50 | 000,567,948 | -H-- | M] () -- C:\Documents and Settings\Chang\Local Settings\Application Data\IconCache.db
[2010/07/29 02:00:40 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\defrag d.job
[2010/07/28 02:00:31 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\defrag c.job
[2010/07/24 12:20:04 | 000,000,400 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/05 00:12:16 | 000,001,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.lnk
[2010/07/04 14:48:31 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/04 05:56:50 | 000,505,286 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/04 05:56:50 | 000,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/04 05:56:50 | 000,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/13 21:09:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/09 03:26:42 | 002,143,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/03 23:04:46 | 000,034,308 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2010/05/21 01:57:06 | 000,000,033 | ---- | M] () -- C:\WINDOWS\gen_nic.ini
[2010/05/20 03:10:50 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
========== Files Created - No Company Name ==========
[2010/07/31 15:19:00 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Chang\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/24 12:20:04 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/05 00:12:16 | 000,001,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lightroom 3.lnk
[2010/07/05 00:09:39 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/07/05 00:09:09 | 000,000,372 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/06/03 23:04:46 | 000,034,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mazuki.dll
[2010/05/20 03:10:50 | 000,001,919 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/21 20:27:37 | 000,000,033 | ---- | C] () -- C:\WINDOWS\gen_nic.ini
[2010/01/02 17:49:55 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/01/02 17:46:37 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/30 21:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/06/06 19:01:10 | 009,838,080 | ---- | C] () -- C:\WINDOWS\System32\tlidenoise30.dll
[2009/05/31 14:19:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2008/12/10 12:37:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2008/12/10 12:37:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/12/10 12:37:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dxinputdll.dll
[2008/11/18 18:44:27 | 000,000,338 | ---- | C] () -- C:\WINDOWS\d3xp.ini
[2008/11/18 18:39:28 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2008/11/18 18:32:55 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/11/12 14:39:20 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/11/06 20:29:55 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/11/06 20:29:55 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/11/06 19:51:20 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/11/06 19:09:54 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2008/11/03 22:10:51 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/11/03 10:41:35 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/03 10:41:35 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/03 10:34:45 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/11/03 04:13:40 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2008/10/07 14:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/11/10 09:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
========== LOP Check ==========
[2008/11/03 21:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/01/10 13:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2008/11/09 00:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BCR
[2010/06/04 19:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008/11/05 01:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2008/11/06 13:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2008/12/07 23:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2008/12/28 02:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2010/03/14 17:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/17 03:49:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
[2010/07/31 23:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Azureus
[2008/12/08 00:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Bioshock
[2010/02/10 17:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Braid
[2010/01/02 02:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Crayon Physics Deluxe
[2008/11/03 11:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\DAEMON Tools
[2008/12/15 20:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\fretsonfire
[2010/06/03 23:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\HDRsoft
[2008/12/10 12:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\KALiNKOsoft
[2009/12/01 01:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Mp3tag
[2008/11/16 22:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\My Games
[2010/01/02 17:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\PrimoPDF
[2008/12/24 22:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Spore
[2008/11/13 22:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Switchball
[2008/11/27 02:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\Thinstall
[2010/01/28 03:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chang\Application Data\VirtuaWin
[2010/08/01 15:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/08/01 15:00:00 | 000,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/07/28 02:00:31 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\defrag c.job
[2010/07/29 02:00:40 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\defrag d.job
[2010/08/02 02:05:22 | 000,000,262 | ---- | M] () -- C:\WINDOWS\Tasks\defrag h.job
[2010/08/02 10:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/02/24 20:42:04 | 000,000,440 | ---- | M] () -- C:\az.log
[2008/12/08 09:00:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/11/03 03:42:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/15 20:03:03 | 000,000,478 | ---- | M] () -- C:\LOG6.log
[2008/11/03 03:42:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 16:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/03 09:35:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/31 22:59:12 | 2147,483,648 | -HS- | M] () -- C:\pagefile.sys
[2010/03/15 17:08:46 | 000,000,241 | ---- | M] () -- C:\plugin.ini
[2008/11/03 04:03:05 | 000,000,429 | ---- | M] () -- C:\RHDSetup.log
[2010/07/28 00:38:20 | 000,030,104 | ---- | M] () -- C:\RootRepeal report 07-28-10 (00-38-20).txt
[2010/07/28 00:41:35 | 000,030,118 | ---- | M] () -- C:\RootRepeal report 07-28-10 (00-41-35).txt
[2010/07/31 23:00:19 | 000,000,128 | ---- | M] () -- C:\service.log
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2008/11/03 03:41:40 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2004/09/03 19:00:00 | 000,802,816 | ---- | M] (Sprout Games, LLC) -- C:\WINDOWS\FeedingFrenzy.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2008/11/02 22:27:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/11/02 22:27:05 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/11/02 22:27:05 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-24 16:20:18
========== Alternate Data Streams ==========
@Alternate Data Stream - 504 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:073341D1
@Alternate Data Stream - 128 bytes -> C:\WINDOWS\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation
< End of report >
Edited by johnnyz86, 02 August 2010 - 08:21 AM.
#5
Posted 02 August 2010 - 08:18 AM
OTL Extras logfile created on: 8/2/2010 10:08:15 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Chang\My Documents\Antivirus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.00 Gb Total Space | 22.67 Gb Free Space | 35.42% Space Free | Partition Type: NTFS
Drive D: | 867.51 Gb Total Space | 425.55 Gb Free Space | 49.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 698.63 Gb Total Space | 135.55 Gb Free Space | 19.40% Space Free | Partition Type: NTFS
Drive G: | 698.64 Gb Total Space | 157.87 Gb Free Space | 22.60% Space Free | Partition Type: NTFS
Drive H: | 698.63 Gb Total Space | 343.35 Gb Free Space | 49.15% Space Free | Partition Type: NTFS
Drive I: | 698.64 Gb Total Space | 229.36 Gb Free Space | 32.83% Space Free | Partition Type: NTFS
Computer Name: FROOM
Current User Name: Chang
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe" = C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe:*:Enabled:RunUpd -- (Gigabyte)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- File not found
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- File not found
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- File not found
"C:\Program Files\GIGABYTE\EnergySaver\UpdExe.exe" = C:\Program Files\GIGABYTE\EnergySaver\UpdExe.exe:*:Enabled:Exe File -- (GIGABYTE)
"C:\Program Files\GIGABYTE\EnergySaver\GBTUpd.exe" = C:\Program Files\GIGABYTE\EnergySaver\GBTUpd.exe:*:Enabled:GBTUpd.exe -- (GIGABYTE)
"D:\Program Files\Capcom\Bionic Commando Rearmed\bcr.exe" = D:\Program Files\Capcom\Bionic Commando Rearmed\bcr.exe:*:Enabled:Bionic Commando Rearmed -- ()
"D:\Games\GRID\GRID.exe" = D:\Games\GRID\GRID.exe:*:Disabled:GRID Executable -- (Codemasters)
"D:\Program Files\Electronic Arts\Dead Space\Dead Space.exe" = D:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Disabled:Dead Space ™ -- ()
"D:\Program Files\Steam\steamapps\jingsu\counter-strike source\hl2.exe" = D:\Program Files\Steam\steamapps\jingsu\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"D:\Program Files\Steam\steamapps\jingsu\team fortress 2\hl2.exe" = D:\Program Files\Steam\steamapps\jingsu\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"D:\Games\Multiwinia Survival Of The Flattest\multiwinia.exe" = D:\Games\Multiwinia Survival Of The Flattest\multiwinia.exe:*:Enabled:Multiwinia -- (Introversion *UNL2K8*)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
"D:\Program Files\Sierra\FEAR\FEAR.exe" = D:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR -- File not found
"D:\Program Files\Sierra\FEAR\FEARMP.exe" = D:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"D:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe" = D:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe:*:Enabled:FEARXP -- (Monolith Productions, Inc.)
"D:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe" = D:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe:*:Enabled:FEARXP2 -- (TimeGate Studios, Inc.)
"D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()
"D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe" = D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = D:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"D:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe" = D:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire -- (Ironclad Games)
"D:\Games\Worms Armageddon - New Edition\WA.exe" = D:\Games\Worms Armageddon - New Edition\WA.exe:*:Enabled:Worms Armageddon -- (Team17 Software Ltd)
"D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = D:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare -- ()
"D:\Games\Mass Effect\Binaries\MassEffect.exe" = D:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"D:\Games\Mass Effect\MassEffectLauncher.exe" = D:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe" = C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe" = D:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme -- ()
"C:\Documents and Settings\Chang\Local Settings\Temp\Rar$EX00.859\SteamStats.exe" = C:\Documents and Settings\Chang\Local Settings\Temp\Rar$EX00.859\SteamStats.exe:*:Enabled:SteamStats -- File not found
"C:\Downloads\Games\SteamStats\SteamStats.exe" = C:\Downloads\Games\SteamStats\SteamStats.exe:*:Enabled:SteamStats -- File not found
"D:\Games\BTrix100\blocktrix.exe" = D:\Games\BTrix100\blocktrix.exe:*:Enabled:blocktrix -- ()
"C:\Program Files\GIGABYTE\GBTUpd\GBTUpd.exe" = C:\Program Files\GIGABYTE\GBTUpd\GBTUpd.exe:*:Enabled:GBTUpd.exe -- (GIGABYTE)
"D:\Program Files\Steam\steamapps\common\ghost master\ghost.exe" = D:\Program Files\Steam\steamapps\common\ghost master\ghost.exe:*:Enabled:Ghost Master -- (Empire Interactive)
"D:\Program Files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe" = D:\Program Files\Steam\steamapps\common\evil genius\EvilGeniusLauncher.exe:*:Enabled:Evil Genius -- ()
"D:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe" = D:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA -- (EA Digital Illusions CE AB)
"D:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe" = D:\Program Files\Electronic Arts\Battlefield Bad Company 2 - BETA\BFBC2Game.exe:*:Enabled:EA Battlefield: Bad Company™ 2 - BETA -- (EA Digital Illusions CE AB)
"D:\Program Files\Celeris\Virtual Pool 3 DL\vp3.exe" = D:\Program Files\Celeris\Virtual Pool 3 DL\vp3.exe:*:Enabled:Virtual Pool 3 DL -- (Celeris Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0280F0D8-1542-4DAA-913C-8529E2A3835D}" = The Longest Journey
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 14
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{30433BBA-5358-4B41-817E-E694092DC178}" = Crazy Machines II
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0908.1
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0905.1
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{57FC4A5A-D05C-EFAD-89E8-1B4131B4C725}" = Switchball
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor
"{79208609-FD44-4865-AE2B-784FDF31212C}_is1" = GameHouse Super Games AIO®
"{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}" = Virtual Pool 3 DL
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0905.1
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch
"{8D0BB1D1-E9FB-49E9-A9C1-09C00F38DA0C}" = FEAR Perseus Mandate
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187B Wireless LAN Driver and Utility
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC67770B-581D-4E96-B72A-A7907CE18725}" = Colin McRae Rally 2005
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{d40af016-506c-43fb-a738-bd54fa8c1e85}" = Python 3.1.2
"{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}" = Battlefield Bad Company 2 - BETA
"{D751B34C-058F-42EF-BE95-14EBB0D2C585}" = Dreamfall
"{DB219559-1F78-4343-9A6E-C2E987AD47A3}" = Bionic Commando Rearmed
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1" = King's Bounty. The Legend (Remove Only)
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F20AE04A-3FDC-4A14-A90B-85DEE2812030}" = Sam & Max Season 1
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909}" = Doom 3
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FED34B00-1DA2-4F4C-A3EC-A5F5893F5D86}" = Float32 2.0
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Armadillo Run_is1" = Armadillo Run 1.0.3
"ASIO4ALL" = ASIO4ALL
"ATITool" = ATITool Overclocking Utility
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Classic Doom 3" = Classic Doom 3 1.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"Crazy Machines1.074" = Crazy Machines
"Darkstar One_is1" = Darkstar One
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Focus Magic" = Focus Magic
"Fraps" = Fraps
"Freelancer 1.0" = Freelancer
"Future Pinball_is1" = Future Pinball
"Galactic Civilizations II" = Galactic Civilizations II
"Galactic Civilizations II - Gold Edition" = Galactic Civilizations II - Gold Edition
"Gish" = Gish
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"Hamsterball_is1" = Hamsterball
"Heroes of Might and Magic IV" = Heroes of Might and Magic® IV: Winds of War
"Hugin_is1" = Hugin 0.7.0 (SVN 3465)
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.6.0 Q16_is1" = ImageMagick 6.6.0-5 Q16 (2010-03-15)
"InstallShield_{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0908.1
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0905.1
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IrfanView" = IrfanView (remove only)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2007b" = MATLAB R2007b
"MemSet_is1" = MemSet 3.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.45a
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Orb" = Winamp Remote
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.5.0
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.7
"PhysX FluidMark_is1" = PhysX FluidMark v1.0.0
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"Precision" = EVGA Precision 1.3.3
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"PunkBusterSvc" = PunkBuster Services
"ReClock" = ReClock (remove only)
"RivaTuner" = RivaTuner v2.11
"rm3d1.0_is1" = Rolling Madness 3D v1.0
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006]
"Sins of a Solar Empire" = Sins of a Solar Empire
"Stardock Central" = Stardock Central
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 26800" = Braid
"Steam App 300" = Day of Defeat: Source
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3483" = Peggle Extreme
"Steam App 3720" = Evil Genius
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 6200" = Ghost Master
"Steve Murphy's Automatic Wallpaper Changer_is1" = AWC V3.0.7
"The Suffering" = The Suffering (remove only)
"VirtuaWin_is1" = VirtuaWin v4.1
"VLC media player" = VLC media player 0.9.8a
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Worms Armageddon - New Edition" = Worms Armageddon - New Edition
"X3 Bonus Package_is1" = X3 Bonus Package 3.1.07
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Jago" = Jago
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/11/2010 7:12:05 PM | Computer Name = FROOM | Source = Google Update | ID = 20
Description =
Error - 6/11/2010 8:12:05 PM | Computer Name = FROOM | Source = Google Update | ID = 20
Description =
Error - 6/11/2010 9:12:05 PM | Computer Name = FROOM | Source = Google Update | ID = 20
Description =
Error - 7/4/2010 5:05:54 AM | Computer Name = FROOM | Source = Google Update | ID = 20
Description =
Error - 7/5/2010 12:51:24 PM | Computer Name = FROOM | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
Error - 7/16/2010 9:56:19 PM | Computer Name = FROOM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/16/2010 9:56:20 PM | Computer Name = FROOM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/31/2010 5:06:11 PM | Computer Name = FROOM | Source = Application Error | ID = 1000
Description = Faulting application pg2.exe, version 1.0.6.5, faulting module pg2.exe,
version 1.0.6.5, fault address 0x000608a5.
Error - 8/1/2010 10:27:38 PM | Computer Name = FROOM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0181c701.
Error - 8/1/2010 10:27:51 PM | Computer Name = FROOM | Source = Application Error | ID = 1001
Description = Fault bucket 1290553050.
[ System Events ]
Error - 7/31/2010 10:29:31 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.
Error - 7/31/2010 10:29:32 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.
Error - 7/31/2010 10:29:38 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.
Error - 7/31/2010 10:30:21 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.
Error - 7/31/2010 10:30:23 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.
Error - 7/31/2010 10:31:27 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.
Error - 7/31/2010 11:00:18 PM | Computer Name = FROOM | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 8/1/2010 12:46:57 AM | Computer Name = FROOM | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.
Error - 8/1/2010 3:00:00 PM | Computer Name = FROOM | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402
Error - 8/1/2010 3:00:00 PM | Computer Name = FROOM | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error: %%2147942402
< End of report >
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{57FC4A5A-D05C-EFAD-89E8-1B4131B4C725}" = Switchball
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E804CC-A148-4C8F-AD46-0B476EFE34C2}" = Microsoft Image Composite Editor
"{79208609-FD44-4865-AE2B-784FDF31212C}_is1" = GameHouse Super Games AIO®
"{7B4873B0-71FF-4BAA-8072-1DEE154C54E4}" = Virtual Pool 3 DL
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0905.1
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch
"{8D0BB1D1-E9FB-49E9-A9C1-09C00F38DA0C}" = FEAR Perseus Mandate
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187B Wireless LAN Driver and Utility
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC67770B-581D-4E96-B72A-A7907CE18725}" = Colin McRae Rally 2005
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{d40af016-506c-43fb-a738-bd54fa8c1e85}" = Python 3.1.2
"{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}" = Battlefield Bad Company 2 - BETA
"{D751B34C-058F-42EF-BE95-14EBB0D2C585}" = Dreamfall
"{DB219559-1F78-4343-9A6E-C2E987AD47A3}" = Bionic Commando Rearmed
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1" = King's Bounty. The Legend (Remove Only)
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F20AE04A-3FDC-4A14-A90B-85DEE2812030}" = Sam & Max Season 1
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909}" = Doom 3
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FED34B00-1DA2-4F4C-A3EC-A5F5893F5D86}" = Float32 2.0
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Armadillo Run_is1" = Armadillo Run 1.0.3
"ASIO4ALL" = ASIO4ALL
"ATITool" = ATITool Overclocking Utility
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Classic Doom 3" = Classic Doom 3 1.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"Crazy Machines1.074" = Crazy Machines
"Darkstar One_is1" = Darkstar One
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Focus Magic" = Focus Magic
"Fraps" = Fraps
"Freelancer 1.0" = Freelancer
"Future Pinball_is1" = Future Pinball
"Galactic Civilizations II" = Galactic Civilizations II
"Galactic Civilizations II - Gold Edition" = Galactic Civilizations II - Gold Edition
"Gish" = Gish
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"Hamsterball_is1" = Hamsterball
"Heroes of Might and Magic IV" = Heroes of Might and Magic® IV: Winds of War
"Hugin_is1" = Hugin 0.7.0 (SVN 3465)
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.6.0 Q16_is1" = ImageMagick 6.6.0-5 Q16 (2010-03-15)
"InstallShield_{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.0908.1
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B08.0905.1
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IrfanView" = IrfanView (remove only)
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2007b" = MATLAB R2007b
"MemSet_is1" = MemSet 3.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.45a
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Orb" = Winamp Remote
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.5.0
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.7
"PhysX FluidMark_is1" = PhysX FluidMark v1.0.0
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"Precision" = EVGA Precision 1.3.3
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"PunkBusterSvc" = PunkBuster Services
"ReClock" = ReClock (remove only)
"RivaTuner" = RivaTuner v2.11
"rm3d1.0_is1" = Rolling Madness 3D v1.0
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006]
"Sins of a Solar Empire" = Sins of a Solar Empire
"Stardock Central" = Stardock Central
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 26800" = Braid
"Steam App 300" = Day of Defeat: Source
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3483" = Peggle Extreme
"Steam App 3720" = Evil Genius
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 6200" = Ghost Master
"Steve Murphy's Automatic Wallpaper Changer_is1" = AWC V3.0.7
"The Suffering" = The Suffering (remove only)
"VirtuaWin_is1" = VirtuaWin v4.1
"VLC media player" = VLC media player 0.9.8a
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Worms Armageddon - New Edition" = Worms Armageddon - New Edition
"X3 Bonus Package_is1" = X3 Bonus Package 3.1.07
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Jago" = Jago
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/11/2010 7:12:05 PM | Computer Name = FROOM | Source = Google Update | ID = 20
Description =
Error - 6/11/2010 8:12:05 PM | Computer Name = FROOM | Source = Google Update | ID = 20
Description =
Error - 6/11/2010 9:12:05 PM | Computer Name = FROOM | Source = Google Update | ID = 20
Description =
Error - 7/4/2010 5:05:54 AM | Computer Name = FROOM | Source = Google Update | ID = 20
Description =
Error - 7/5/2010 12:51:24 PM | Computer Name = FROOM | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
Error - 7/16/2010 9:56:19 PM | Computer Name = FROOM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/16/2010 9:56:20 PM | Computer Name = FROOM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
Error - 7/31/2010 5:06:11 PM | Computer Name = FROOM | Source = Application Error | ID = 1000
Description = Faulting application pg2.exe, version 1.0.6.5, faulting module pg2.exe,
version 1.0.6.5, fault address 0x000608a5.
Error - 8/1/2010 10:27:38 PM | Computer Name = FROOM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0181c701.
Error - 8/1/2010 10:27:51 PM | Computer Name = FROOM | Source = Application Error | ID = 1001
Description = Fault bucket 1290553050.
[ System Events ]
Error - 7/31/2010 10:29:31 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.
Error - 7/31/2010 10:29:32 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.
Error - 7/31/2010 10:29:38 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.
Error - 7/31/2010 10:30:21 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.
Error - 7/31/2010 10:30:23 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.
Error - 7/31/2010 10:31:27 PM | Computer Name = FROOM | Source = TermService | ID = 1036
Description = Terminal Server session creation failed. The relevant status code
was 0xC0000262.
Error - 7/31/2010 11:00:18 PM | Computer Name = FROOM | Source = Service Control Manager | ID = 7034
Description = The PinnacleUpdate Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 8/1/2010 12:46:57 AM | Computer Name = FROOM | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.
Error - 8/1/2010 3:00:00 PM | Computer Name = FROOM | Source = Schedule | ID = 7901
Description = The At1.job command failed to start due to the following error: %%2147942402
Error - 8/1/2010 3:00:00 PM | Computer Name = FROOM | Source = Schedule | ID = 7901
Description = The At2.job command failed to start due to the following error: %%2147942402
< End of report >
Edited by johnnyz86, 02 August 2010 - 08:26 AM.
#6
Posted 02 August 2010 - 06:02 PM
Any other information needed?
Edited by johnnyz86, 02 August 2010 - 06:12 PM.
#7
Posted 03 August 2010 - 08:59 PM
Still looking for help.