Blue Screen, slow load times



#1
skilldan

Hi there!

Tonight I've been getting some odd behaviour from my computer after an Adobe Reader patch was installed, and potentially a Windows update too (on restarts it claims updates are configuring before the Windows splash screen). Below are my OTL logs, anything suspicious there? If not, next steps to try and stabilise computer or other theories? Thanks in advance :-)


OTL logfile created on: 10/02/2011 03:50:23 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Dan\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.49 Gb Total Space | 16.23 Gb Free Space | 11.08% Space Free | Partition Type: NTFS
Drive D: | 319.27 Gb Total Space | 117.39 Gb Free Space | 36.77% Space Free | Partition Type: NTFS
Drive E: | 182.24 Gb Total Space | 12.20 Gb Free Space | 6.70% Space Free | Partition Type: NTFS
Drive F: | 186.30 Gb Total Space | 142.50 Gb Free Space | 76.49% Space Free | Partition Type: NTFS
Drive G: | 7.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VISTA | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/10 03:50:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Downloads\OTL.com
PRC - [2011/02/07 09:29:02 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/03 23:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/07/09 08:41:04 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2010/04/01 09:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/08/15 10:03:35 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/15 10:03:29 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
PRC - [2009/08/15 10:03:22 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2008/07/26 08:25:36 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe


========== Modules (SafeList) ==========

MOD - [2011/02/10 03:50:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Downloads\OTL.com
MOD - [2010/10/03 23:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/04/11 06:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll
MOD - [2008/01/21 02:48:21 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2006/11/02 09:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2006/11/02 09:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/07/26 08:25:24 | 000,187,928 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/07/26 08:23:54 | 000,255,000 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)
SRV:64bit: - [2008/01/21 02:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/21 02:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/03/16 01:24:18 | 000,566,704 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxbccoms.exe -- (lxbc_device)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/03 23:43:48 | 000,526,320 | ---- | M] (Trusteer Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe -- (RapportLaunService)
SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/06/15 12:35:02 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/15 10:03:29 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/15 10:03:22 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/03/30 04:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/16 01:24:02 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWow64\lxbccoms.exe -- (lxbc_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/13 11:41:43 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/06/10 15:34:57 | 000,310,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/06/10 15:34:57 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/01/06 06:44:20 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/10/01 00:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/15 10:03:38 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/08/15 10:03:35 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/07/09 11:16:16 | 000,048,640 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/10 09:50:59 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2008/09/26 04:31:02 | 000,804,864 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2008/07/26 15:26:44 | 005,068,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Ultra Vision(UVC)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 08:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2008/07/26 08:24:40 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2006/10/31 15:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006/10/30 03:32:12 | 000,065,536 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID)
DRV:64bit: - [2006/09/18 21:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/02/07 11:53:22 | 000,008,704 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2010/10/03 23:43:50 | 000,056,816 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys -- (RapportPG64)
DRV - [2010/10/03 23:43:48 | 000,063,472 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys -- (RapportKE64)
DRV - [2009/09/24 18:44:14 | 000,070,168 | ---- | M] (TSS - www.trinity-ss.com) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\TSSFSFD.sys -- (TSS_FSFILTER)
DRV - [2009/09/24 18:44:14 | 000,070,168 | ---- | M] (TSS - www.trinity-ss.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TSSFSFD.sys -- (DynamicEDController)
DRV - [2006/07/14 15:03:02 | 000,014,448 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/29 16:10:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Firefox\components [2010/10/04 09:31:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Firefox\plugins [2011/02/10 01:38:17 | 000,000,000 | ---D | M]

[2009/08/16 11:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2011/01/22 19:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ulu1mp20.default\extensions
[2010/04/28 09:19:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ulu1mp20.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/21 11:04:53 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ulu1mp20.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2009/09/02 07:32:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/22 17:53:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/05/10 14:08:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/13 08:08:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/11 11:00:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/11 17:36:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

O1 HOSTS File: ([2006/09/18 21:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V Collector Edition\registration\RegistrationReminder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} http://trinity.dlsit...ex/pbebkick.cab (PbEbkick Control)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/16 16:40:57 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/07/03 14:23:54 | 000,000,132 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0838b6e0-3246-11dd-a5f3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0838b6e0-3246-11dd-a5f3-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.Now.exe -- [2006/08/14 15:07:37 | 000,626,688 | R--- | M] (Mastertronic Group Ltd.)
O33 - MountPoints2\{0838b6e0-3246-11dd-a5f3-806e6f6e6963}\Shell\instDX\command - "" = G:\DirectX\dxsetup.exe -- [2001/10/16 20:24:46 | 000,140,288 | RH-- | M] (Microsoft Corporation)
O33 - MountPoints2\{28fb7c93-bf2c-11df-b255-001e8c7e6edc}\Shell - "" = AutoRun
O33 - MountPoints2\{28fb7c93-bf2c-11df-b255-001e8c7e6edc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{62349790-1913-11de-a675-001e8c7e6edc}\Shell\AutoRun\command - "" = H:\8bglj.cmd
O33 - MountPoints2\{62349790-1913-11de-a675-001e8c7e6edc}\Shell\open\Command - "" = H:\8bglj.cmd
O33 - MountPoints2\{62349797-1913-11de-a675-001e8c7e6edc}\Shell - "" = AutoRun
O33 - MountPoints2\{62349797-1913-11de-a675-001e8c7e6edc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{68a83781-fa68-11dd-8783-001e8c7e6edc}\Shell\AutoRun\command - "" = H:\8bglj.cmd
O33 - MountPoints2\{68a83781-fa68-11dd-8783-001e8c7e6edc}\Shell\open\Command - "" = H:\8bglj.cmd
O33 - MountPoints2\{774356a6-8a44-11de-b694-001e8c7e6edc}\Shell - "" = AutoRun
O33 - MountPoints2\{774356a6-8a44-11de-b694-001e8c7e6edc}\Shell\AutoRun\command - "" = I:\USBAutoRun.exe
O33 - MountPoints2\{8240bb2a-324f-11dd-9248-001e8c7e6edc}\Shell - "" = AutoRun
O33 - MountPoints2\{8240bb2a-324f-11dd-9248-001e8c7e6edc}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/28 09:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/01/28 09:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2011/01/22 20:15:14 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mkv2vob
[2011/01/22 20:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/01/22 20:07:27 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\ImTOO
[2011/01/22 20:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ImTOO
[2011/01/22 19:49:15 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Geckofx
[2011/01/22 19:48:55 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011/01/22 19:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011/01/22 19:48:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2011/01/13 18:55:01 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
[2011/01/13 18:54:37 | 000,000,000 | ---D | C] -- C:\Netgear
[2009/03/09 20:32:52 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcserv.dll
[2009/03/09 20:32:52 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcusb1.dll
[2009/03/09 20:32:52 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbchbn3.dll
[2009/03/09 20:32:52 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomc.dll
[2009/03/09 20:32:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpmui.dll
[2009/03/09 20:32:52 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbclmpm.dll
[2009/03/09 20:32:52 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomm.dll
[2009/03/09 20:32:52 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcinpa.dll
[2009/03/09 20:32:52 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbciesc.dll
[2009/03/09 20:32:52 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcprox.dll
[2009/03/09 20:32:52 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpplc.dll
[2008/06/04 15:41:08 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Users\Dan\AppData\Local\bootinst.exe
[1 C:\Users\Dan\AppData\Local\*.tmp files -> C:\Users\Dan\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/10 03:54:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-979516092-295907200-2416703211-1000UA.job
[2011/02/10 03:51:04 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/10 03:51:04 | 000,608,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/10 03:51:04 | 000,108,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/10 03:45:54 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/02/10 03:45:53 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/02/10 03:45:20 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/10 03:45:20 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/10 03:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/10 03:44:30 | 4293,451,776 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 03:35:11 | 598,846,044 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/10 03:07:58 | 000,129,024 | ---- | M] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/10 03:04:25 | 000,269,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/09 16:20:27 | 070,987,769 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/02/09 15:54:01 | 000,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-979516092-295907200-2416703211-1000Core.job
[2011/02/09 10:55:27 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{173F6CD8-E9A8-43B5-8C7A-B38B88A58EDC}.job
[2011/01/13 19:47:48 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/01/11 10:38:02 | 000,061,952 | ---- | M] () -- C:\Users\Dan\Desktop\CV Sales Basic.doc
[1 C:\Users\Dan\AppData\Local\*.tmp files -> C:\Users\Dan\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/10 03:44:30 | 4293,451,776 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/22 20:07:03 | 000,410,746 | ---- | C] () -- C:\Users\Dan\AppData\Local\dd_vcredistMSI7E40.txt
[2011/01/22 20:07:01 | 000,015,780 | ---- | C] () -- C:\Users\Dan\AppData\Local\dd_vcredistUI7E40.txt
[2011/01/13 18:54:21 | 000,429,644 | ---- | C] () -- C:\Users\Dan\AppData\Local\dd_vcredistMSI0770.txt
[2011/01/13 18:54:21 | 000,013,518 | ---- | C] () -- C:\Users\Dan\AppData\Local\dd_vcredistUI0770.txt
[2010/11/23 15:29:28 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\tssfltc.dll
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/07/01 14:07:29 | 000,000,680 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat
[2010/05/25 19:35:05 | 000,036,725 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/25 19:35:04 | 000,036,725 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/03/29 14:35:02 | 000,434,966 | ---- | C] () -- C:\Users\Dan\AppData\Local\dd_vcredistMSI3E66.txt
[2010/03/29 14:35:02 | 000,015,166 | ---- | C] () -- C:\Users\Dan\AppData\Local\dd_vcredistUI3E66.txt
[2010/01/26 16:26:48 | 000,415,788 | ---- | C] () -- C:\Users\Dan\AppData\Local\dd_vcredistMSI27B2.txt
[2010/01/26 16:26:48 | 000,013,518 | ---- | C] () -- C:\Users\Dan\AppData\Local\dd_vcredistUI27B2.txt
[2009/11/11 11:19:21 | 000,001,801 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/24 06:54:05 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/24 06:52:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/03 14:02:39 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2009/05/07 09:13:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/09 20:33:56 | 000,000,150 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009/03/09 20:32:52 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbcutil.dll
[2009/03/09 20:32:52 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBCinst.dll
[2008/11/02 12:25:51 | 000,028,101 | ---- | C] () -- C:\Users\Dan\AppData\Local\dd_depcheckdotnetfx30.txt
[2008/11/02 12:25:47 | 000,001,578 | ---- | C] () -- C:\Users\Dan\AppData\Local\uxeventlog.txt
[2008/11/02 12:25:47 | 000,000,604 | ---- | C] () -- C:\Users\Dan\AppData\Local\dd_dotnetfx3error.txt
[2008/11/02 12:25:46 | 000,031,806 | ---- | C] () -- C:\Users\Dan\AppData\Local\dd_dotnetfx3install.txt
[2008/07/23 16:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/07/23 16:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008/06/14 11:33:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/06/05 17:13:30 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008/06/05 17:13:30 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/06/04 16:06:14 | 000,129,024 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/04 15:41:08 | 000,171,136 | ---- | C] () -- C:\Users\Dan\AppData\Local\grldr
[2008/06/04 15:41:08 | 000,002,731 | ---- | C] () -- C:\Users\Dan\AppData\Local\Asus.xrm-ms
[2008/06/04 15:12:52 | 000,012,238 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/06/04 15:03:41 | 000,000,732 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps64.dat
[2008/01/21 02:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/10/11 03:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2005/08/18 15:28:30 | 000,273,408 | ---- | C] () -- C:\Windows\SysWow64\unlha32.dll

========== LOP Check ==========

[2008/10/16 00:04:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Acreon
[2010/12/15 12:13:18 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Amazon
[2011/02/08 10:11:15 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Azureus
[2008/06/04 15:52:53 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DAEMON Tools
[2010/09/13 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DAEMON Tools Lite
[2010/12/15 12:13:40 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\eMusic
[2009/09/23 10:32:42 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\GetRightToGo
[2009/08/05 13:19:46 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\GrabPro
[2011/01/22 20:07:27 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ImTOO
[2009/02/17 18:34:15 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Leadertech
[2009/08/16 13:38:07 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LG Electronics
[2009/04/26 14:22:03 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Nokia
[2010/06/26 00:33:49 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Oberon Media
[2009/08/28 23:35:00 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Octoshape
[2009/08/05 13:27:40 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Orbit
[2009/04/26 14:22:08 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PC Suite
[2010/08/13 19:04:05 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\SPORE
[2011/02/10 03:59:46 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\SystemRequirementsLab
[2011/01/14 09:06:02 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Trinity
[2010/11/18 16:00:46 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Trusteer
[2011/02/09 17:42:18 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/09 10:55:27 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{173F6CD8-E9A8-43B5-8C7A-B38B88A58EDC}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/08/19 19:45:58 | 000,026,112 | ---- | M] ()(C:\Users\Dan\Documents\??.doc) -- C:\Users\Dan\Documents\笑顔.doc
[2010/05/18 15:53:27 | 000,026,112 | ---- | C] ()(C:\Users\Dan\Documents\??.doc) -- C:\Users\Dan\Documents\笑顔.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:813B8EB6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FA345B65

< End of report >

And then another that popped up:

OTL Extras logfile created on: 10/02/2011 03:50:23 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Dan\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.49 Gb Total Space | 16.23 Gb Free Space | 11.08% Space Free | Partition Type: NTFS
Drive D: | 319.27 Gb Total Space | 117.39 Gb Free Space | 36.77% Space Free | Partition Type: NTFS
Drive E: | 182.24 Gb Total Space | 12.20 Gb Free Space | 6.70% Space Free | Partition Type: NTFS
Drive F: | 186.30 Gb Total Space | 142.50 Gb Free Space | 76.49% Space Free | Partition Type: NTFS
Drive G: | 7.87 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VISTA | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Dan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 52 F7 B4 EA BB 5E CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0656582A-9935-454A-AEEE-7F0FEB896DED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BDDCA69-E294-451D-AEB1-469A44B60256}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0E9D6129-95D3-4F57-991A-1BE5311B518E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13384CC9-9E75-434F-8942-0BAB26B476DD}" = lport=445 | protocol=6 | dir=in | app=system |
"{1BAE3FE3-E9CB-44DC-9495-33567BB2D315}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1EABE734-A912-4843-8DC9-E644DAEE300D}" = lport=138 | protocol=17 | dir=in | app=system |
"{1F32B85D-68E0-4F47-87F0-F453D0874CFC}" = rport=445 | protocol=6 | dir=out | app=system |
"{222D2836-F998-4729-B5E2-1F0D6F79B82A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{232733B2-EA6D-4FA8-BDD1-B91A5A23C582}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24B867E0-0A36-4FA4-BCE4-32092C3D4017}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{25DA3D65-3E06-4C8A-AE7C-5D904330984B}" = rport=138 | protocol=17 | dir=out | app=system |
"{2667206F-EA5B-4C60-904C-30B8DA5B7E29}" = lport=2869 | protocol=6 | dir=in | app=system |
"{37667CD6-210A-4D35-9B92-B8E8DFD73327}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{589BCA24-E8C2-4BEC-941E-1AAED520335C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DDFDFEC-55E5-488B-B873-344A46AF3A84}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6747C877-0AF3-4B9D-B309-D0157C3E1C3B}" = rport=137 | protocol=17 | dir=out | app=system |
"{68B021B7-7944-460E-974A-1CF2BAD0DE81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{727CE09F-5B99-4239-95CF-6B0EC7D9D35C}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{8B9A5C7A-3922-462B-8BA2-385D86400E43}" = lport=139 | protocol=6 | dir=in | app=system |
"{8E89C3CB-CF6B-422B-9E36-0D25BB49BE89}" = lport=137 | protocol=17 | dir=in | app=system |
"{949A6598-0EF8-472C-B7E5-F2E62BEAAD33}" = rport=139 | protocol=6 | dir=out | app=system |
"{A51BB70F-4E70-451C-8745-2998287837BB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B4CB7F78-06BB-47CC-9C02-DEB9D85CB9A7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C7DF4828-9176-4B42-BEEE-BB6F30051760}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8589935-A4F2-43A5-98B6-C33B2AD78E81}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E45EA5F1-FB2F-44A9-8BD0-51ECF2C9A520}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E64D4496-4120-48AB-A774-2CF0E92C42BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E8490226-1035-47F3-AEFC-C8AE1207B14F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EBE265EE-CB50-40A5-8679-09E0F07B64BB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FA7E02D0-59AE-4851-8A6D-1FD5804B0087}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CCE7C3-ACCB-4603-98AD-5D189214F3B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe |
"{0BDF7667-E664-47DC-8603-1BA6CCDCCF94}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\the settlers - rise of an empire\base\bin\settlers6.exe |
"{0E22377B-C9B9-4462-A98D-93FA8F4264F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{142AE9FC-9E35-491F-BD3F-A47D9E15BD32}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1500EAB8-D81A-47DD-93C5-1A6DBDEE89B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{1A36EAFC-664C-460A-946E-2DEBB59EA76E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1A39D670-D305-4B36-B7BE-002AD71B5870}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\the settlers - rise of an empire\extra1\bin\settlers6.exe |
"{1A91536E-8C67-4D6C-8A3E-8A049C208633}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{25FE37D9-6C25-46F3-8F5A-0373B0580AF2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{26B64037-AFCD-4C0C-A313-F24BBDB09C16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe |
"{2866DAE3-1573-4DC7-AD61-1F38DC4A6637}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-engb-win-final-downloader.exe |
"{35D45D8E-2DF7-4089-93A1-4DBA3E9D4244}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{3637C6F7-158F-48BE-A9EC-12D256B074ED}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{36A6DDA6-BDF6-4ADA-8139-A1821BA0AC6D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{37824ED1-D808-42D7-A839-584902DFC972}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{3A4E6057-3C05-4549-AEC0-567527E05DFA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{3C368C82-D588-44D4-B30A-406C862BE93F}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{3DF27116-3404-4810-95CF-55EC5905FA8B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-engb-downloader.exe |
"{410D7AC0-974D-4CA8-9EB6-1B52F369312F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44D394EC-9FE5-45CB-9BBA-7C668469DFE2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-engb-win-final-downloader.exe |
"{4CDABF6F-0EA6-4193-9802-6C49DE5583B5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-engb-downloader.exe |
"{4E8EBAC2-C142-4A53-AAAB-C88FAA039AE3}" = protocol=17 | dir=in | app=c:\program files (x86)\sins of a solar empire\sins of a solar empire.exe |
"{5495FD8D-0E74-4CAE-A1E3-19670F7C55B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57753B12-F9DF-48A3-A469-71047967C299}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5885EB8B-D3AB-4D89-9F3E-DD909CEB741C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{588A04FA-8C4C-434E-85BB-468D67A119DF}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |
"{59E0A952-0336-4AB2-AFA1-A43A3938FAEA}" = protocol=1 | dir=in | [email protected],-28543 |
"{59E5A08B-08FB-4863-9538-BCB6DF0703BA}" = protocol=1 | dir=out | [email protected],-28544 |
"{5B226BAE-5EB0-44A6-9376-A2C46962264C}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5D0C7554-0E3C-47AF-92FE-A1332C09A28E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-engb-downloader.exe |
"{5E3135C8-90EE-4522-BC19-27063405C412}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{5FB59180-CA3B-4EB9-9044-F3F67E91DA0E}" = protocol=58 | dir=in | [email protected],-28545 |
"{605AAED7-B88F-4D50-B2D5-8817A18C90B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{627A4802-6C5D-4A0D-9BD6-8C4188C4FAE9}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{628B79ED-F619-4CE4-98C6-A6F518DA8F34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63A15347-0B32-475A-8413-1EC1C584FAB5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe |
"{63AC9775-5DB0-4264-A6EE-C23C513D4EDA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{6479B662-083D-4420-892E-40EB66C024A8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{65F629B7-ACB6-46B9-BF31-9FB757AA492F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6790565C-3CD8-4337-BECD-8B9A3C20248A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{684C7F3B-44D3-4982-A6AC-A6DFD3D27D50}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{6C48554B-F0FC-49C1-BE73-A7C5E779F668}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evil genius\evilgeniuslauncher.exe |
"{7391F24E-E89C-4D6F-B82E-11DEB143B395}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{73EC2C58-84E2-4DB7-A7D1-62C94BFC31D9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{78919412-1126-45EA-A995-D858E3EAC76E}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{80823C6D-1E5A-4B24-B1FA-AB077EA454C1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{837B2DF0-B485-4CC2-BA06-AA00374D73BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{83B55492-838C-4AD0-8C4A-33D2509AA9B4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe |
"{8911433F-7D03-4CA1-A73A-F5ADD715E634}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8AED9BA7-75E6-4BD3-B45B-6FD1979F1798}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evil genius\evilgeniuslauncher.exe |
"{8FD1429B-CE88-40DF-A251-A4ECD015D79F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-engb-downloader.exe |
"{9510DFE5-BBDF-475B-82DB-8FFD4D72050C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{962A60E3-349F-415F-9449-17F2CAA677A4}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{96581037-5BF2-48C0-AA55-3FEBAF6A280B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-engb-downloader.exe |
"{97144032-1A28-4DB6-9A7B-97F2DF20701A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9AC79DB9-0CD1-4AD5-81B9-D7E0D7345D2A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\the settlers - rise of an empire\extra1\bin\settlers6.exe |
"{A453C7C9-ED5F-40A2-94B3-4F3CE0D49000}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AAF2CB66-27BB-4BB2-9D51-4B930224368F}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{AEB59DFA-609E-4161-BBFB-2991EBFB249F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{B00C3E02-B1BD-49C8-BA1E-A1199C07B4E2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-engb-downloader.exe |
"{B6D10012-09FC-4AF3-96A8-3C46A50825AB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-engb-downloader.exe |
"{B7A2A2A3-B6F9-4EB9-A559-F1CC5F932DE4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-engb-downloader.exe |
"{BE8B7842-41E7-454D-9663-75C39C93A1BF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BEE78A5F-4B5B-41D5-BBDF-22A098A79CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BF60E781-7F9C-40FE-A7CF-E59E9D67EAF4}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{C48C36E4-EDA4-4475-A1FF-277782A75AE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C50DD53D-3FC5-40BC-8E18-4FB4E75AA2E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5E1D775-D36D-4C04-8422-D550847CE61A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{C80BE8BE-72F4-4C28-862D-B122C8C8CCC5}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{C879A535-AD1E-484C-8059-C71545C6BD7A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{CD939911-3DAE-411C-834D-BB64F884D0B4}" = protocol=6 | dir=in | app=c:\program files (x86)\sins of a solar empire\sins of a solar empire.exe |
"{CE2BD696-79E3-40A0-A2E5-A4C3BBF3591B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D178672E-9703-4C73-8465-560DB4ACE4BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D287314A-ADB9-46F8-AC20-A53C6315DBCC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\the settlers - rise of an empire\base\bin\settlers6.exe |
"{D5C7FCA9-9AD6-4F7D-B138-E6B1590B8C0B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |
"{D8C799A3-CB4F-4701-9B76-790F280D0CBB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE43BEE1-0719-4A1A-AD85-9ABA8335FFEB}" = protocol=58 | dir=out | [email protected],-28546 |
"{DEE76B23-6F13-4719-9A35-0B4AB7AA2487}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{E05559C0-7355-43F1-AC9A-58EAF4530C83}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{E843D9A4-5B40-4C80-A394-0FF3E375547B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{EB4CA51A-6D7D-46D9-971B-8A5EBCCE1251}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{EDCA7BC3-FAD9-4792-9725-76E33084044A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EEB14606-A36E-46D9-81AA-C4EC1EA8C84C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{F0F64479-C641-4B70-8BA5-4C24ECE76C88}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F27B272D-4746-4D71-AE5F-844C8C035914}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{F4668405-B3AA-467E-903A-FD9EAD1738EF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F56BE582-A444-497D-A62F-E226F2A16DCA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F8612145-C161-4090-8DCA-08902C9EE6FE}" = protocol=6 | dir=out | app=system |
"{F90B981E-CDF9-468E-867B-D17B734DB413}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-engb-downloader.exe |
"{FD407D7F-9EB8-4E94-9219-D18705CD9BE1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"TCP Query User{002E8FE3-EC8E-4993-BFAC-FA460CF02E19}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{26125462-6412-4745-88DA-9F358E2B7513}C:\program files (x86)\youtube downloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\youtube downloader\orbitnet.exe |
"TCP Query User{2942C7B5-4072-4706-A385-C9F86F8D2A73}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{32BA8681-D69E-41B4-ACA5-1BACB632C1AE}C:\program files (x86)\wow\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wow\backgrounddownloader.exe |
"TCP Query User{340E09AD-1C8D-4BD7-A872-2B54B37DFA35}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{36958CA3-14B8-44C3-86BE-5B55A280164E}C:\users\dan\documents\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=6 | dir=in | app=c:\users\dan\documents\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe |
"TCP Query User{560BE503-6FF6-42C2-A281-CD3F4201A3E8}C:\program files (x86)\wow\tortun\gui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wow\tortun\gui.exe |
"TCP Query User{59CE491D-8D69-4DE8-A8D1-AA7411C862B8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{5A9D5BF2-D4A7-4BA1-B11E-CDF02C80AC46}C:\users\dan\documents\downloads\sto_demo_installer (2).exe" = protocol=6 | dir=in | app=c:\users\dan\documents\downloads\sto_demo_installer (2).exe |
"TCP Query User{62830140-2BE6-4780-B91D-4982BC520649}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{648DBB86-10EB-43EC-9070-E3A8B77A26AF}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{64CDA1B8-1525-4526-8997-E9FDF0358774}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe |
"TCP Query User{6E204F75-554B-4BE4-ADB6-D38C1779CBA7}C:\users\dan\appdata\local\microsoft\windows\temporary internet files\content.ie5\9bg20unx\wow-3.0.1.8874-ptr-eu-installer-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\dan\appdata\local\microsoft\windows\temporary internet files\content.ie5\9bg20unx\wow-3.0.1.8874-ptr-eu-installer-downloader[1].exe |
"TCP Query User{6EB97810-4ED7-4FAB-9CF7-127CAAF4B45E}C:\users\dan\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\dan\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{731EF84E-94CF-4A9E-BD39-85008F40C2FD}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
"TCP Query User{75823179-105E-425D-8999-B3C39E36F09E}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{7630B436-E873-4616-A5C4-5BCA93A08D96}C:\users\dan\documents\downloads\sto_demo_installer (1).exe" = protocol=6 | dir=in | app=c:\users\dan\documents\downloads\sto_demo_installer (1).exe |
"TCP Query User{7662749A-4ED9-463C-97CC-C679C3FEF66C}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{8EE77A8C-3A5E-41CA-97D1-BDF9C6148732}C:\users\dan\documents\downloads\sto_demo_installer.exe" = protocol=6 | dir=in | app=c:\users\dan\documents\downloads\sto_demo_installer.exe |
"TCP Query User{A228D4C4-99EF-4F76-89A2-43A5440CAEDB}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{A31BAC95-6EBC-487D-9497-64E819EA6B5B}D:\program files\world of warcraft\proper public test\launcher.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\proper public test\launcher.exe |
"TCP Query User{C3F3377D-9171-491A-A200-361D5BD31D6C}C:\users\dan\documents\downloads\sto_demo_installer (2).exe" = protocol=6 | dir=in | app=c:\users\dan\documents\downloads\sto_demo_installer (2).exe |
"TCP Query User{E384D7B3-FFFF-46FE-9D5F-84A461133A96}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{094DACB7-9E59-443F-B543-4484F7C988D2}C:\program files (x86)\wow\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wow\backgrounddownloader.exe |
"UDP Query User{0A1A4DDA-BA92-4FD3-812D-797ADAD46E91}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{11E296D2-2995-4633-9748-CE845C33BDC0}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{1A99D794-347D-4B17-A094-D85636FA7E19}C:\users\dan\documents\downloads\sto_demo_installer (2).exe" = protocol=17 | dir=in | app=c:\users\dan\documents\downloads\sto_demo_installer (2).exe |
"UDP Query User{2A050458-2478-49B2-A41B-10A286FDAD12}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{32515C85-0546-4C64-8D05-214E037201FC}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{37CA0FB9-A70F-411D-9BCC-B53028639C5D}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe |
"UDP Query User{38F39562-CE4B-4F35-9DB2-F8CB64B93C95}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{3FE00675-3A16-40BD-91DE-A4A119EEBC6C}C:\users\dan\documents\downloads\sto_demo_installer (2).exe" = protocol=17 | dir=in | app=c:\users\dan\documents\downloads\sto_demo_installer (2).exe |
"UDP Query User{444B9EC3-90C4-49C0-8E65-5A3539399080}D:\program files\world of warcraft\proper public test\launcher.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\proper public test\launcher.exe |
"UDP Query User{4548A008-5F15-4C0F-AB16-7CA5BA58F092}C:\users\dan\documents\downloads\sto_demo_installer (1).exe" = protocol=17 | dir=in | app=c:\users\dan\documents\downloads\sto_demo_installer (1).exe |
"UDP Query User{47FB3C38-B1F7-4BDE-9333-2DA90E8D2A17}C:\users\dan\appdata\local\microsoft\windows\temporary internet files\content.ie5\9bg20unx\wow-3.0.1.8874-ptr-eu-installer-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\dan\appdata\local\microsoft\windows\temporary internet files\content.ie5\9bg20unx\wow-3.0.1.8874-ptr-eu-installer-downloader[1].exe |
"UDP Query User{4B538438-2053-42C6-9455-54A5E08F18CE}C:\program files (x86)\wow\tortun\gui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wow\tortun\gui.exe |
"UDP Query User{5812E48B-43F8-46E8-B7D7-33FA8A48B566}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{84D0F56A-CF9F-4786-934A-EC117170617D}C:\users\dan\documents\downloads\sto_demo_installer.exe" = protocol=17 | dir=in | app=c:\users\dan\documents\downloads\sto_demo_installer.exe |
"UDP Query User{A77B4CC6-55B6-419C-982A-632DDE33AF15}C:\users\dan\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\dan\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{AF3AAACB-6675-4C9A-9663-EBF8F649B131}C:\users\dan\documents\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe" = protocol=17 | dir=in | app=c:\users\dan\documents\wow-2.4.3.8568-to-3.0.2.8916-engb-downloader.exe |
"UDP Query User{B792EDDD-7798-4A3E-8957-7CB7BCAA3B57}C:\program files (x86)\youtube downloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\youtube downloader\orbitnet.exe |
"UDP Query User{C509311E-5380-4E54-A098-AE1A0B085821}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{D5FBDBDD-193E-41A3-BED9-4E9FFFB00961}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{DAF8BBFE-DB55-41C7-A285-F43F09F7F4C7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{EB84876A-6945-45FA-AF2A-27694E782161}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{FBBEC50C-9AC2-4900-B059-B8558838485A}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{249E9ED4-1C67-4DA5-9E39-F0F09AFD93B7}" = Logitech QuickCam
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{43602F34-1AA3-44FB-AEB2-D08C2C737440}" = Paint.NET v3.36
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"UltSounds" = Windows Sound Schemes

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 23
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110206700}" = Bejeweled
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{93C430F3-57D1-43D5-939D-86408336BEAF}" = Pirates Buster for e-Book/Application (Decoder for Eisys)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D3FF6-FFDD-4E4E-B887-4BF378174F04}" = ArcSoft PhotoStudio 6
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}" = Pixia
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = THE SETTLERS - Rise of an Empire (All products)
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}" = Heroes of Might and Magic V Collector Edition
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"ImTOO PSP Video Converter 6" = ImTOO PSP Video Converter 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Rapport_msi" = Rapport
"RealPlayer 6.0" = RealPlayer
"Settlers3Deinstall" = Settlers3
"Sins of a Solar Empire" = Sins of a Solar Empire
"StarCraft II" = StarCraft II
"Steam App 3720" = Evil Genius
"Steam App 3910" = Sid Meier's Civilization III: Complete
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.0.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/03/2010 14:44:51 | Computer Name = Vista | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/03/2010 15:02:47 | Computer Name = Vista | Source = WinMgmt | ID = 10
Description =

Error - 12/03/2010 15:04:11 | Computer Name = Vista | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/03/2010 10:36:49 | Computer Name = Vista | Source = WinMgmt | ID = 10
Description =

Error - 15/03/2010 10:37:35 | Computer Name = Vista | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/03/2010 10:38:50 | Computer Name = Vista | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/03/2010 04:41:43 | Computer Name = Vista | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2010 04:43:09 | Computer Name = Vista | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 17/03/2010 05:53:36 | Computer Name = Vista | Source = WinMgmt | ID = 10
Description =

Error - 17/03/2010 05:54:47 | Computer Name = Vista | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\AVG\AVG8\avglvea.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 09/02/2011 23:49:18 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 09/02/2011 23:49:18 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 09/02/2011 23:49:18 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 09/02/2011 23:49:22 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09/02/2011 23:49:22 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09/02/2011 23:49:22 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09/02/2011 23:49:22 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09/02/2011 23:49:22 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09/02/2011 23:49:22 | Computer Name = Vista | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 09/02/2011 23:49:27 | Computer Name = Vista | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >




#2
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Hi skilldan,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead, please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult for me to understand.

+++++++++++++++++++++++++++++++++++++++++++

ERUNT - Download here
Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions. To ensure that we have a valid registry backup, install and run ERUNT (Emergency Recovery Utility NT), which allows you to store a complete backup of your registry and restore it if needed.
  • Download ERUNT
  • Double-click erunt_setup.exe to run.
  • Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
  • Say No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.
  • Start ERUNT
  • Choose a location for the backup
    The default location C:\WINDOWS\ERDNT\[today's date] is preferred
  • The first two check boxes are ticked by default (System registry and Current user registry).
  • Press OK
  • When prompted, click YES to create a new folder.
  • Progress bars will show backup status.
  • A confirmation window will pop up when complete. Click OK to close.

+++++++++++++++++++++++++++++++++++++++++++

Step One

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{0838b6e0-3246-11dd-a5f3-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{0838b6e0-3246-11dd-a5f3-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.Now.exe -- [2006/08/14 15:07:37 | 000,626,688 | R--- | M] (Mastertronic Group Ltd.)
    O33 - MountPoints2\{0838b6e0-3246-11dd-a5f3-806e6f6e6963}\Shell\instDX\command - "" = G:\DirectX\dxsetup.exe -- [2001/10/16 20:24:46 | 000,140,288 | RH-- | M] (Microsoft Corporation)
    O33 - MountPoints2\{28fb7c93-bf2c-11df-b255-001e8c7e6edc}\Shell - "" = AutoRun
    O33 - MountPoints2\{28fb7c93-bf2c-11df-b255-001e8c7e6edc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\{62349790-1913-11de-a675-001e8c7e6edc}\Shell\AutoRun\command - "" = H:\8bglj.cmd
    O33 - MountPoints2\{62349790-1913-11de-a675-001e8c7e6edc}\Shell\open\Command - "" = H:\8bglj.cmd
    O33 - MountPoints2\{62349797-1913-11de-a675-001e8c7e6edc}\Shell - "" = AutoRun
    O33 - MountPoints2\{62349797-1913-11de-a675-001e8c7e6edc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O33 - MountPoints2\{68a83781-fa68-11dd-8783-001e8c7e6edc}\Shell\AutoRun\command - "" = H:\8bglj.cmd
    O33 - MountPoints2\{68a83781-fa68-11dd-8783-001e8c7e6edc}\Shell\open\Command - "" = H:\8bglj.cmd
    O33 - MountPoints2\{774356a6-8a44-11de-b694-001e8c7e6edc}\Shell - "" = AutoRun
    O33 - MountPoints2\{774356a6-8a44-11de-b694-001e8c7e6edc}\Shell\AutoRun\command - "" = I:\USBAutoRun.exe
    O33 - MountPoints2\{8240bb2a-324f-11dd-9248-001e8c7e6edc}\Shell - "" = AutoRun
    O33 - MountPoints2\{8240bb2a-324f-11dd-9248-001e8c7e6edc}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:813B8EB6
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FA345B65
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Two

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step Three

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

  • 0
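
As an added example (not part of the posts above and not OTL's own code), this Python script parses the O33 MountPoints2 lines from the fix list in post #2, groups them by volume GUID and flags entries for review. The flagging rules (script extensions, overridden open/explore verbs, one target registered on several volumes) and all function names are assumptions of this example, not criteria stated in the thread.

```python
import ntpath
import re
from collections import defaultdict

# O33 lines copied from the fix list in post #2 (subset).
FIX_LINES = r'''
O33 - MountPoints2\{0838b6e0-3246-11dd-a5f3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0838b6e0-3246-11dd-a5f3-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.Now.exe -- [2006/08/14 15:07:37 | 000,626,688 | R--- | M] (Mastertronic Group Ltd.)
O33 - MountPoints2\{62349790-1913-11de-a675-001e8c7e6edc}\Shell\AutoRun\command - "" = H:\8bglj.cmd
O33 - MountPoints2\{62349790-1913-11de-a675-001e8c7e6edc}\Shell\open\Command - "" = H:\8bglj.cmd
O33 - MountPoints2\{62349797-1913-11de-a675-001e8c7e6edc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{68a83781-fa68-11dd-8783-001e8c7e6edc}\Shell\AutoRun\command - "" = H:\8bglj.cmd
O33 - MountPoints2\{68a83781-fa68-11dd-8783-001e8c7e6edc}\Shell\open\Command - "" = H:\8bglj.cmd
'''.strip().splitlines()

O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]{36}\})\\Shell'
    r'(?:\\(?P<verb>[^\\]+)\\command)? - "[^"]*" = (?P<data>.*)$',
    re.IGNORECASE)
# Optional trailer OTL prints after the command: " -- [date | size | attrs | M] (Company)"
META_RE = re.compile(r'^(?P<cmd>.*?) -- \[[^\]]*\] \((?P<company>.*)\)$')
# Assumption of this example: extensions treated as script targets.
SCRIPT_EXTS = {'.cmd', '.bat', '.vbs', '.vbe', '.js', '.wsf'}


def parse_o33(line):
    """Return guid/verb/command/company for one O33 line, or None if it is not one."""
    m = O33_RE.match(line.strip())
    if not m:
        return None
    data, company = m.group('data'), None
    meta = META_RE.match(data)
    if meta:
        data, company = meta.group('cmd'), meta.group('company')
    return {'guid': m.group('guid').lower(),
            'verb': (m.group('verb') or '').lower(),  # '' means the Shell default value
            'command': data.strip(), 'company': company}


def target_of(command):
    """Program path of a command line (unquoted paths containing spaces are cut short)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(' ', 1)[0]


def group_by_volume(lines):
    """Map volume GUID -> default verb and the command registered for each shell verb."""
    volumes = defaultdict(lambda: {'default_verb': None, 'commands': {}})
    for line in lines:
        entry = parse_o33(line)
        if entry is None:
            continue
        if entry['verb']:
            volumes[entry['guid']]['commands'][entry['verb']] = entry
        else:
            volumes[entry['guid']]['default_verb'] = entry['command']
    return dict(volumes)


def triage(volumes):
    """Return {guid: [reasons]} for volumes whose entries match this example's rules."""
    seen = defaultdict(set)  # target path -> volume GUIDs that register it
    for guid, vol in volumes.items():
        for entry in vol['commands'].values():
            seen[target_of(entry['command']).lower()].add(guid)
    findings = {}
    for guid, vol in volumes.items():
        reasons = set()
        for verb, entry in vol['commands'].items():
            target = target_of(entry['command'])
            if ntpath.splitext(target)[1].lower() in SCRIPT_EXTS:
                reasons.add('script target')
            if verb in ('open', 'explore'):
                reasons.add('open/explore verb overridden')
            if len(seen[target.lower()]) > 1:
                reasons.add('same target on several volumes')
        if reasons:
            findings[guid] = sorted(reasons)
    return findings


if __name__ == '__main__':
    for guid, reasons in triage(group_by_volume(FIX_LINES)).items():
        print(guid, '->', ', '.join(reasons))
```
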

#3
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,890 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.