
persistent Malware.Trace infection



#1
thyris

I've run Kaspersky, MBAM, and SUPERAntiSpyware, but persistently malware.trace continuously shows up, and I'm not entirely certain why it refuses to go away. I searched this forum and applied some fixes from another thread in which someone else had the same problem, but I'm not sure that it is gone, or if there is some other problem I'm missing. Firefox is my primary browser, and it is still running much more slowly than it should be, even though the only detected issue has been trace.

So here's the OTL log; hopefully you guys can help me see what I'm missing. Thanks so much for this site, you guys are excellent. I use this site to find the best spyware removal programs when the one I use just isn't up to par. The switch from Ewido/AVG to MBAM in your recommendations is one of my personal favourite recommendations.

I think I got the infection from a nocd crack (I like to keep my CDs for installations only, not play) for one of these games: Penumbra or Requiem.

Without further ado, the logs:

OTL.txt:

OTL logfile created on: 12/14/2010 2:57:22 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Thyris Discordia\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.41 Gb Total Space | 40.93 Gb Free Space | 17.69% Space Free | Partition Type: NTFS

Computer Name: THYRISDISCORDIA | User Name: Thyris Discordia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/14 14:49:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Thyris Discordia\Downloads\OTL.exe
PRC - [2010/11/29 17:42:14 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/10/26 23:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/26 23:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/15 04:50:53 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
PRC - [2010/09/15 04:50:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe


========== Modules (SafeList) ==========

MOD - [2010/12/14 14:49:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Thyris Discordia\Downloads\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 18:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\FastUv32.dll -- (FastUserSwitchingCompatibility)
SRV:64bit: - [2010/08/03 18:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/29 10:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/28 14:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/08/07 05:26:50 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)
SRV:64bit: - [2007/02/11 23:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Disabled | Stopped] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/04 22:10:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/15 13:40:15 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/03 19:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/08/03 19:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/03 18:15:44 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/17 02:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/06/14 02:41:10 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/09/21 17:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/30 19:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:46:50 | 000,064,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 14:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/23 00:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 02:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2007/11/09 04:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/08/07 05:26:36 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2007/08/03 02:08:42 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/08/03 02:05:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/08/03 02:04:30 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/19 05:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2008/11/14 01:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 94 F8 88 95 7C CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {a8864317-e18b-4292-99d9-e6e65ab905d3}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {788CB3CE-CBAC-4B93-87C7-982521FDE9D5}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{788CB3CE-CBAC-4B93-87C7-982521FDE9D5}: C:\Users\Thyris Discordia\AppData\Local\{788CB3CE-CBAC-4B93-87C7-982521FDE9D5}\ [2010/12/14 03:30:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/08 01:40:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/08 01:43:38 | 000,000,000 | ---D | M]

[2010/11/08 01:40:17 | 000,000,000 | ---D | M] -- C:\Users\Thyris Discordia\AppData\Roaming\Mozilla\Extensions
[2010/12/14 03:33:20 | 000,000,000 | ---D | M] -- C:\Users\Thyris Discordia\AppData\Roaming\Mozilla\Firefox\Profiles\ueuiyn8a.default\extensions
[2010/11/08 01:55:09 | 000,000,000 | ---D | M] (Runescape Community Toolbar) -- C:\Users\Thyris Discordia\AppData\Roaming\Mozilla\Firefox\Profiles\ueuiyn8a.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}
[2010/11/08 01:44:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Thyris Discordia\AppData\Roaming\Mozilla\Firefox\Profiles\ueuiyn8a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/14 03:52:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/08 01:43:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/08 04:17:56 | 000,002,212 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e1f0b19-e89d-11df-bf92-001e6874d661}\Shell - "" = AutoRun
O33 - MountPoints2\{2e1f0b19-e89d-11df-bf92-001e6874d661}\Shell\AutoRun\command - "" = E:\FalloutTacticsLauncher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/14 14:28:30 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/12/14 14:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/12/14 14:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2010/12/14 03:58:44 | 000,000,000 | ---D | C] -- C:\Users\Thyris Discordia\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/14 03:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/14 03:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/12/14 03:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/14 03:37:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/14 03:31:58 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/12/14 03:30:35 | 000,000,000 | ---D | C] -- C:\Users\Thyris Discordia\AppData\Local\{788CB3CE-CBAC-4B93-87C7-982521FDE9D5}
[2010/12/14 03:28:08 | 000,000,000 | ---D | C] -- C:\Users\Thyris Discordia\Desktop\tdsskiller
[2010/12/14 03:27:33 | 000,000,000 | ---D | C] -- C:\Users\Thyris Discordia\Desktop\GooredFix Backups
[2010/12/14 03:22:00 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Thyris Discordia\Desktop\GooredFix.exe
[2010/12/14 03:19:12 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/12/14 03:18:43 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Users\Thyris Discordia\Desktop\OTM.exe

========== Files - Modified Within 30 Days ==========

[2010/12/14 14:40:50 | 000,030,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/14 14:40:49 | 000,030,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/14 14:30:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/14 14:30:05 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/14 14:27:01 | 000,001,007 | ---- | M] () -- C:\Users\Thyris Discordia\Desktop\SpywareBlaster.lnk
[2010/12/14 14:11:04 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1941278284-4073756085-1283857702-1000UA.job
[2010/12/14 04:24:57 | 000,791,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/14 04:24:57 | 000,668,774 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/14 04:24:57 | 000,124,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/14 04:16:23 | 000,258,764 | RHS- | M] () -- C:\QKMZA
[2010/12/14 04:16:23 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2010/12/14 03:56:47 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/14 03:22:08 | 001,230,779 | ---- | M] () -- C:\Users\Thyris Discordia\Desktop\tdsskiller.zip
[2010/12/14 03:22:01 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Thyris Discordia\Desktop\GooredFix.exe
[2010/12/14 03:18:46 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Users\Thyris Discordia\Desktop\OTM.exe
[2010/12/14 02:50:04 | 000,000,120 | ---- | M] () -- C:\Users\Thyris Discordia\AppData\Local\Gfupoz.dat
[2010/12/14 02:50:04 | 000,000,000 | ---- | M] () -- C:\Users\Thyris Discordia\AppData\Local\Xkehal.bin
[2010/12/13 23:52:24 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/12/13 23:46:56 | 000,438,840 | RHS- | M] () -- C:\bootxez
[2010/12/13 23:46:56 | 000,009,216 | RHS- | M] () -- C:\XELDZ.1st
[2010/12/13 23:37:28 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1941278284-4073756085-1283857702-1000Core.job
[2010/12/13 23:15:01 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/12/14 14:27:01 | 000,001,007 | ---- | C] () -- C:\Users\Thyris Discordia\Desktop\SpywareBlaster.lnk
[2010/12/14 04:16:23 | 000,258,764 | RHS- | C] () -- C:\QKMZA
[2010/12/14 04:16:23 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2010/12/14 03:56:47 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/14 03:22:05 | 001,230,779 | ---- | C] () -- C:\Users\Thyris Discordia\Desktop\tdsskiller.zip
[2010/11/09 14:30:00 | 000,000,120 | ---- | C] () -- C:\Users\Thyris Discordia\AppData\Local\Gfupoz.dat
[2010/11/09 14:30:00 | 000,000,000 | ---- | C] () -- C:\Users\Thyris Discordia\AppData\Local\Xkehal.bin
[2010/11/05 16:25:41 | 000,000,104 | ---- | C] () -- C:\Users\Thyris Discordia\AppData\Local\fusioncache.dat
[2010/11/04 05:35:37 | 000,807,666 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/04 05:27:39 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll
[2010/11/04 05:27:39 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll
[2010/11/04 05:27:39 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/10/05 21:10:15 | 000,000,000 | ---D | M] -- C:\Users\Thyris Discordia\AppData\Roaming\Bioshock
[2010/11/05 16:37:53 | 000,000,000 | ---D | M] -- C:\Users\Thyris Discordia\AppData\Roaming\Codemasters
[2010/11/04 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\Thyris Discordia\AppData\Roaming\DAEMON Tools Lite
[2010/11/04 22:11:32 | 000,000,000 | ---D | M] -- C:\Users\Thyris Discordia\AppData\Roaming\GrabPro
[2010/11/10 06:38:50 | 000,000,000 | ---D | M] -- C:\Users\Thyris Discordia\AppData\Roaming\Orbit
[2010/11/04 22:27:39 | 000,000,000 | ---D | M] -- C:\Users\Thyris Discordia\AppData\Roaming\ProgSense
[2010/11/09 14:33:06 | 000,000,000 | ---D | M] -- C:\Users\Thyris Discordia\AppData\Roaming\Shareaza
[2010/11/04 21:49:00 | 000,000,000 | ---D | M] -- C:\Users\Thyris Discordia\AppData\Roaming\WinBatch
[2010/12/13 23:15:01 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/11/09 10:40:16 | 000,006,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Extras.txt:

OTL Extras logfile created on: 12/14/2010 2:57:22 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Thyris Discordia\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.41 Gb Total Space | 40.93 Gb Free Space | 17.69% Space Free | Partition Type: NTFS

Computer Name: THYRISDISCORDIA | User Name: Thyris Discordia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{391ED0B2-B886-A6D0-B1A6-C25A7FE5B452}" = ATI AVIVO64 Codecs
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60A95961-E9F4-17C6-2A91-578C34ED9A0C}" = ATI Catalyst Install Manager
"{6DF41AAD-B5F7-84BE-37F5-4C93184F5FBE}" = ccc-utility64
"{729F014A-9E91-49A6-B5F2-E8AA941452AE}" = O2Micro Flash Memory Card Reader Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0471C553-36C2-E7A0-7489-E99CD3F9683C}" = CCC Help Chinese Standard
"{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
"{0BD171A4-7DAC-A12B-14E3-E33DA0B6FE6A}" = CCC Help Finnish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D33BBA9-75E5-7B82-9776-277DEA2C4BA2}" = Catalyst Control Center Graphics Previews Vista
"{1D4BA420-070F-3F9B-4969-126689978A98}" = CCC Help Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2198B991-FCB1-F74E-26C9-5F7127B9DB0F}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 22
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3ED6B766-BDF2-F30F-F18E-16BA10ABA22A}" = CCC Help French
"{3F0BBF8C-9BAF-5F16-A2BF-B513D528F1B9}" = Catalyst Control Center Graphics Previews Common
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{516D7330-6BA3-6E53-9C7A-F50666C758E0}" = CCC Help Swedish
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.0.4
"{66391B4E-194D-C20E-F1E5-D7222F1A8104}" = CCC Help Turkish
"{6D1496ED-3150-FCD5-CA3B-4C08B89D00D0}" = Catalyst Control Center Localization All
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77CD6B28-D387-9905-EF5B-78BF8AF722C6}" = CCC Help Chinese Traditional
"{8A54BB79-658E-84A4-FBB7-93FD1EB20174}" = CCC Help Danish
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A0855EE1-F653-3A5A-C7AF-D6CC3BF7A506}" = Catalyst Control Center InstallProxy
"{A0D2B948-BB85-589F-D283-2145A54BB11B}" = CCC Help English
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9C4FF3C-C5E5-07F7-AD5D-C26C2B41CFF3}" = CCC Help Dutch
"{ABA5FB59-633D-23B0-5841-D11A7B97C624}" = CCC Help Hungarian
"{B0F9D227-9243-E2E6-21CE-7FB9528202C5}" = CCC Help Norwegian
"{B1D6F9CC-55FC-CD82-1D5C-BF725BF9311E}" = CCC Help Portuguese
"{B282CB34-95CC-06B2-DFBC-07617F722837}" = CCC Help Spanish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E342FAD9-ACA4-BE69-D78C-F26CDF6DC9DC}" = CCC Help Italian
"{ED9E5BCC-371A-5BE1-6DC6-CF7D8DC9A2B7}" = CCC Help Czech
"{EF829AE4-69BB-F791-F3DF-C6CBF8942881}" = CCC Help Korean
"{EFF33410-5603-B27E-778A-7AB406C7A785}" = CCC Help Japanese
"{F241F4AB-9D50-52E4-6CA5-D1EA5A0713BC}" = CCC Help Russian
"{F3F8BEC4-1D0E-9E50-0AF6-54A16094C92E}" = CCC Help German
"{F9831B39-277F-4F53-BFB0-12DC90C4CB40}" = Requiem
"{FA39D1A0-3B11-AF64-5EF0-1DBC97F47075}" = CCC Help Thai
"{FD20D0EA-5F36-5870-26EC-5CA842E8C713}" = CCC Help Polish
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoHotkey" = AutoHotkey 1.0.48.05
"Fallout" = Fallout
"Fallout New Vegas_is1" = Fallout New Vegas
"Fallout Tactics" = Fallout Tactics
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"OpenAL" = OpenAL
"Shareaza_is1" = Shareaza 2.5.3.0
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Synergy+" = Synergy+
"System Tool2011" = System Tool2011
"VLC media player" = VLC media player 1.1.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2010 10:33:57 PM | Computer Name = ThyrisDiscordia | Source = Application Error | ID = 1000
Description = Faulting application name: FalloutNV.exe, version: 1.0.0.240, time
stamp: 0x4c9808f2 Faulting module name: FalloutNV.exe, version: 1.0.0.240, time
stamp: 0x4c9808f2 Exception code: 0xc0000005 Fault offset: 0x001592fa Faulting process
id: 0xc9c Faulting application start time: 0x01cb7e1bfdff5d05 Faulting application
path: C:\Program Files (x86)\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe
Faulting
module path: C:\Program Files (x86)\Bethesda Softworks\Fallout New Vegas\FalloutNV.exe
Report
Id: 784875f1-ea17-11df-ae98-001e6874d661

Error - 11/7/2010 6:47:00 PM | Computer Name = ThyrisDiscordia | Source = Application Hang | ID = 1002
Description = The program Penumbra.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e0c Start
Time: 01cb7eccecdff73d Termination Time: 50 Application Path: C:\Program Files (x86)\BitLord\Downloads\Penumbra
overtune\Penumbra\redist\Penumbra.exe Report Id: e59bad65-eac0-11df-ae98-001e6874d661


Error - 11/8/2010 1:48:50 AM | Computer Name = ThyrisDiscordia | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: oko7y99.dll, version: 0.0.0.0, time
stamp: 0x4cbf2018 Exception code: 0xc0000005 Fault offset: 0x000018e2 Faulting process
id: 0xe24 Faulting application start time: 0x01cb7f05baec75b3 Faulting application
path: C:\Windows\SysWOW64\rundll32.exe Faulting module path: C:\Windows\system32\oko7y99.dll
Report
Id: dc44b5d0-eafb-11df-9989-001e6874d661

Error - 11/8/2010 8:42:12 AM | Computer Name = ThyrisDiscordia | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\THYRIS~1\AppData\Local\Temp\RarSFX1\redist.dll".
Dependent
Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/9/2010 1:40:11 PM | Computer Name = ThyrisDiscordia | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000000000110b000 Faulting process id: 0x2ac Faulting
application start time: 0x01cb7f8b949a9ad7 Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: 66405c0f-ec28-11df-8f84-001e6874d661

Error - 11/9/2010 1:45:45 PM | Computer Name = ThyrisDiscordia | Source = Application Error | ID = 1000
Description = Faulting application name: Regsvr32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bca28 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x10001407 Faulting process id:
0x16a8 Faulting application start time: 0x01cb8035ee33c4de Faulting application path:
C:\Windows\SysWOW64\Regsvr32.exe Faulting module path: unknown Report Id: 2d20d9a6-ec29-11df-8f84-001e6874d661

Error - 11/9/2010 1:47:35 PM | Computer Name = ThyrisDiscordia | Source = Application Error | ID = 1000
Description = Faulting application name: compacta.exe, version: 6.1.33.0, time stamp:
0x4cd52dc4 Faulting module name: compacta.exe, version: 6.1.33.0, time stamp: 0x4cd52dc4
Exception
code: 0xc0000005 Fault offset: 0x00001291 Faulting process id: 0x3788 Faulting application
start time: 0x01cb803631258ef0 Faulting application path: C:\Windows\TEMP\compacta.exe
Faulting
module path: C:\Windows\TEMP\compacta.exe Report Id: 6ef73403-ec29-11df-8f84-001e6874d661

Error - 11/9/2010 2:48:39 PM | Computer Name = ThyrisDiscordia | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x100018e2 Faulting process id:
0x58c Faulting application start time: 0x01cb803bdef46ab0 Faulting application path:
C:\Windows\SysWOW64\rundll32.exe Faulting module path: unknown Report Id: f7032bce-ec31-11df-aa41-001e6874d661

Error - 11/9/2010 4:23:36 PM | Computer Name = ThyrisDiscordia | Source = Application Error | ID = 1000
Description = Faulting application name: Requiem.exe, version: 0.0.0.0, time stamp:
0x4cc6baf7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0xcccccccc Faulting process id: 0xa0c Faulting application
start time: 0x01cb803c0ecf0412 Faulting application path: C:\Program Files (x86)\Gravity\Requiem\Requiem\System\Requiem.exe
Faulting
module path: unknown Report Id: 3ac5c2ed-ec3f-11df-aa41-001e6874d661

Error - 12/14/2010 6:19:15 AM | Computer Name = ThyrisDiscordia | Source = Application Error | ID = 1000
Description = Faulting application name: OTM.exe, version: 3.1.17.2, time stamp:
0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc000041d Fault offset: 0x73434cad Faulting process id: 0x9b4 Faulting application
start time: 0x01cb9b784db79b13 Faulting application path: C:\Users\Thyris Discordia\Downloads\OTM.exe
Faulting
module path: unknown Report Id: 99d97285-076b-11e0-9dd2-001e6874d661

[ System Events ]
Error - 11/10/2010 5:32:38 PM | Computer Name = ThyrisDiscordia | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 12/14/2010 2:39:48 AM | Computer Name = ThyrisDiscordia | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:37:39 PM on ?12/?13/?2010 was unexpected.

Error - 12/14/2010 2:39:59 AM | Computer Name = ThyrisDiscordia | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 12/14/2010 2:51:21 AM | Computer Name = ThyrisDiscordia | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 12/14/2010 6:30:21 AM | Computer Name = ThyrisDiscordia | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 12/14/2010 7:14:37 AM | Computer Name = ThyrisDiscordia | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 12/14/2010 7:17:37 AM | Computer Name = ThyrisDiscordia | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 12/14/2010 4:36:23 PM | Computer Name = ThyrisDiscordia | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 12/14/2010 5:30:16 PM | Computer Name = ThyrisDiscordia | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 12/14/2010 5:36:26 PM | Computer Name = ThyrisDiscordia | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.


< End of report >