Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

BSoDS and random shut downs and unable to start up

Started by SikOrSky12 , Jul 06 2011 07:23 PM

  • This topic is locked This topic is locked

#1
SikOrSky12
Posted 06 July 2011 - 07:23 PM

SikOrSky12

    Member

  • Member
  • PipPip
  • 18 posts
Hello, I need someone's help please. I keep getting random BlueScreen's (BSODS) and i managed to write down some important information for one of them (not sure if they are all the same problem) well this is what i wrote down:
STOP: 0x0000007E and atikmdag.sys I Google searched it and it appeared to be either a software or hardware error with my ATI video card so i was hoping it was a software issue so I re-installed it and I'm not sure if that is fixed now or not. Anyway my mum keeps complaining that everytime she gets on it wont start sometimes and it freezes, but today she told me it was frozen so I took a look at it and it was frozen on my the graphic of my motherboard, you know how it comes up with a screen as soon as you turn it on and it has a picture of you motherboard etc and has the option for F12 etc to goto the bios well that what I'm talking about, so i turned it off and turned it back on again and instead of my computer beeping once and going back to that screen for about 5 seconds and then loading windows it beeped more than once and then froze on the screen again, but i eventually got it to load windows. Also i suspect maybe some viruses or spyware on this computer as well but I'm not sure so it would be great if you guys could help me out with these errors please.

System Specs:
OS: Windows 7 Ultimate 64-bit
CPU: AMD Phenom II X4 970 Black Edition 3.5Ghz
GPU: AMD Radeon HD 6850 Factory OC'ed
MOBO: GA-880GM-USB3
RAM: 4GB
PCU: forgot what power supply it was but it was 700W though.
  • 0

Advertisements

#2
SikOrSky12
Posted 09 July 2011 - 04:20 AM

SikOrSky12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
bump
  • 0

#3
SikOrSky12
Posted 09 July 2011 - 09:05 PM

SikOrSky12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
ok today i just got this BSOD:
MEMORY_MANAGEMENT STOP: 0x0000001A

this occurred while i was playing the game 'Fallout 3'.

Please someone i need help!!!
  • 0

#4
Essexboy
Posted 10 July 2011 - 08:00 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there bumping your topic means you will get bypassed as we look for zero replies

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#5
SikOrSky12
Posted 10 July 2011 - 10:13 PM

SikOrSky12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
yea that's what I figured :/. Sorry for bugging you guys.

Anyway here are the logs.

OTL:
OTL logfile created on: 7/11/2011 1:03:47 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Timothy\Desktop
64bit- Ultimate Edition Service Pack 3 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 68.10% Memory free
7.00 Gb Paging File | 5.42 Gb Available in Paging File | 77.44% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 723.48 Gb Free Space | 77.68% Space Free | Partition Type: NTFS

Computer Name: TIMOTHY-PC | User Name: Timothy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 13:01:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
PRC - [2011/06/04 14:27:06 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2010/11/04 16:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/11/20 21:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 16:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe


========== Modules (SafeList) ==========

MOD - [2011/07/11 13:01:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
MOD - [2010/11/20 21:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/28 13:28:06 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/05/25 13:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010/11/04 16:18:12 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/11/04 16:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/06/30 08:10:48 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/04 14:27:06 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/05 09:28:00 | 004,004,328 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/03/13 13:00:43 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/25 14:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/25 12:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/31 16:27:29 | 000,026,424 | --S- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DRIVER_BIN64 -- (DRIVER_B)
DRV:64bit: - [2011/03/31 04:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/03 05:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 11:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/07/29 11:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 11:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/07/29 11:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/27 13:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/12/18 08:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/11/20 21:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 21:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/21 02:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/10 07:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 15:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2011/07/11 06:29:32 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/06/26 13:42:00 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [2005/01/02 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 2A DC 6A 0F D6 CB 01 [binary data]
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....ome.php?ref=hp"


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@web3d.com/Web 3D Player,version=2.0: C:\Program Files (x86)\Web 3D Player\npgamecore.dll (Helios Interactive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 7.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2011/07/11 06:32:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 7.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/18 23:00:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2011/07/05 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/05 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/06/19 13:03:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2011/06/18 23:01:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/02/27 11:42:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2011/06/30 22:45:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/18 23:00:56 | 000,000,000 | ---D | M]

[2011/02/27 10:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Extensions
[2011/07/04 06:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\i6iwrqtm.default\extensions
[2011/06/24 15:24:50 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\i6iwrqtm.default\extensions\[email protected]
[2011/06/18 11:38:00 | 000,000,000 | ---D | M] ("Webvision Plugin") -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\i6iwrqtm.default\extensions\[email protected]
File not found (No name found) --
() (No name found) -- C:\USERS\TIMOTHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I6IWRQTM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\TIMOTHY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I6IWRQTM.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/04/11 16:33:19 | 000,000,448 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.virustotal.com
O1 - Hosts: 127.0.0.1 www.mcafee.com
O1 - Hosts: 127.0.0.1 www.avira.com
O1 - Hosts: 127.0.0.1 www.avast.com
O1 - Hosts: 127.0.0.1 www.symantec.com
O1 - Hosts: 127.0.0.1 www.clamwin.com
O1 - Hosts: 127.0.0.1 www.kaspersky.com
O1 - Hosts: 127.0.0.1 www.comodo.com
O1 - Hosts: 127.0.0.1 www.norton.com
O1 - Hosts: 127.0.0.1 www.avg.com
O1 - Hosts: 127.0.0.1 www.novirusthanks.org
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 www.viruschief.com
O1 - Hosts: 127.0.0.1 www.fortiguard.com
O1 - Hosts: 127.0.0.1 www.bitdefender.com
O1 - Hosts: 127.0.0.1 www.f-secure.com
O2:64bit: - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\DAPIELoader64.dll (SpeedBit Ltd.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1441474589-596432395-1113266856-1000..\Run: [DownloadAccelerator] C:\Program Files (x86)\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-1441474589-596432395-1113266856-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\Gigabyte\GBTUpd\PreRun.exe (PreRun)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.53.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/28 13:17:39 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/11 13:01:20 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
[2011/07/11 02:22:44 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\AdobeUM
[2011/07/10 22:34:00 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Apple
[2011/07/09 23:25:41 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\ApplicationHistory
[2011/07/09 22:39:30 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\ElevatedDiagnostics
[2011/07/09 20:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora
[2011/07/08 02:00:00 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Adobe
[2011/07/07 21:52:18 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Autodesk
[2011/07/07 21:52:14 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Autodesk
[2011/07/07 18:07:15 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\ATI
[2011/07/07 18:06:50 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\ESET
[2011/07/07 18:06:50 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\ESET
[2011/07/07 18:06:41 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\uTorrent
[2011/07/07 17:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
[2011/07/07 17:33:43 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Fallout3
[2011/07/07 17:00:01 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\IObit
[2011/07/07 11:34:27 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Xfire
[2011/07/07 11:23:38 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Macromedia
[2011/07/07 11:23:38 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Adobe
[2011/07/07 11:20:29 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\ATI
[2011/07/06 19:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2011/07/06 19:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2011/07/06 19:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
[2011/07/05 21:50:00 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelIXB
[2011/07/05 20:46:33 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Desktop\FiresToolBox - Batch Bitmap Extractor
[2011/07/05 20:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/05 20:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/07/05 20:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/04 23:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteelIXB
[2011/07/04 19:13:34 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Movies
[2011/06/30 22:45:06 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\My Completed Downloads
[2011/06/30 22:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
[2011/06/30 14:06:37 | 000,000,000 | ---D | C] -- C:\Users\Timothy\.bitrock
[2011/06/30 14:05:49 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\xNormal
[2011/06/29 23:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw64
[2011/06/29 23:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\x264vfw64
[2011/06/29 23:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw
[2011/06/29 23:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/06/29 23:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2011/06/29 23:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Santiago Orgaz
[2011/06/29 23:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\Santiago Orgaz
[2011/06/28 21:15:54 | 000,000,000 | R--D | C] -- C:\Users\Timothy\Documents\Scanned Documents
[2011/06/28 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Fax
[2011/06/28 15:08:40 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\FOMM
[2011/06/28 14:58:08 | 000,000,000 | ---D | C] -- C:\Games
[2011/06/26 23:31:12 | 000,000,000 | ---D | C] -- C:\gmax
[2011/06/26 13:41:44 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/06/25 17:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2011/06/24 19:08:46 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Rockstar Games
[2011/06/24 15:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Beta
[2011/06/18 23:01:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/06/18 23:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2011/06/18 23:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar Installer
[2011/06/18 23:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/06/18 23:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2011/06/18 23:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2011/06/18 23:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2011/06/18 23:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/06/18 22:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/06/18 22:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/06/18 22:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/06/18 22:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/06/18 22:56:26 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/06/18 22:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/06/12 19:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2011/06/12 00:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2011/06/12 00:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PACE Anti-Piracy
[2011/06/12 00:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2011/06/12 00:36:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unity
[2011/06/11 23:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web 3D Player
[2011/06/11 23:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web 3D Player
[2011/06/11 23:04:14 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/06/11 23:04:14 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/06/11 23:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011/06/11 21:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioCompiler
[2011/06/11 21:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\StudioCompiler
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/11 13:01:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\OTL.exe
[2011/07/11 12:29:44 | 000,025,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/11 12:29:44 | 000,025,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/11 06:33:51 | 000,792,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/11 06:33:51 | 000,668,900 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/11 06:33:51 | 000,125,086 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/11 06:29:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/10 17:19:58 | 000,212,992 | ---- | M] () -- C:\Users\Timothy\Documents\project - Left Behind BSP.max
[2011/07/10 15:40:24 | 000,000,095 | ---- | M] () -- C:\Users\Timothy\AppData\Local\fusioncache.dat
[2011/07/10 12:57:48 | 490,764,241 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/07 17:43:54 | 000,001,290 | ---- | M] () -- C:\Users\Timothy\Desktop\Fallout Mod Manager.lnk
[2011/07/05 21:50:00 | 000,002,995 | ---- | M] () -- C:\Users\Timothy\Desktop\Halo Editing Kit Plus.lnk
[2011/07/05 20:57:47 | 004,853,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/02 12:09:47 | 000,002,220 | ---- | M] () -- C:\Users\Timothy\Desktop\Halo Custom Edition.lnk
[2011/07/01 11:53:56 | 000,050,169 | ---- | M] () -- C:\Users\Timothy\Desktop\sknife.jpg
[2011/06/30 22:45:04 | 000,109,216 | ---- | M] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011/06/27 15:55:09 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 13:42:00 | 000,011,376 | ---- | M] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2011/06/25 15:08:34 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/06/25 15:08:34 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/06/25 11:18:17 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/06/25 04:51:18 | 000,036,352 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/06/18 23:09:29 | 000,208,103 | ---- | M] () -- C:\Windows\hpoins47.dat
[2011/06/11 23:04:14 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/06/11 23:04:14 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/10 17:19:58 | 000,212,992 | ---- | C] () -- C:\Users\Timothy\Documents\project - Left Behind BSP.max
[2011/07/10 15:40:24 | 000,000,095 | ---- | C] () -- C:\Users\Timothy\AppData\Local\fusioncache.dat
[2011/07/07 17:43:54 | 000,001,290 | ---- | C] () -- C:\Users\Timothy\Desktop\Fallout Mod Manager.lnk
[2011/07/05 21:50:00 | 000,002,995 | ---- | C] () -- C:\Users\Timothy\Desktop\Halo Editing Kit Plus.lnk
[2011/07/04 06:51:52 | 490,764,241 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/01 11:53:55 | 000,050,169 | ---- | C] () -- C:\Users\Timothy\Desktop\sknife.jpg
[2011/06/30 22:45:02 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011/06/30 14:09:23 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2011/06/30 14:09:23 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/30 14:09:23 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2011/06/30 14:09:23 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/30 14:09:23 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2011/06/30 14:09:23 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2011/06/27 15:55:09 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 13:42:01 | 000,011,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2011/06/26 13:41:44 | 000,002,220 | ---- | C] () -- C:\Users\Timothy\Desktop\Halo Custom Edition.lnk
[2011/06/25 04:51:18 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/06/18 23:01:48 | 000,001,380 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/06/18 22:55:43 | 000,208,103 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/10 20:35:19 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/06 23:02:32 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/04/30 18:32:44 | 000,000,016 | RH-- | C] () -- C:\Users\Timothy\AppData\Local\D28F2E04.ini
[2011/04/12 20:56:16 | 000,061,782 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/26 21:48:02 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011/03/26 20:45:03 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/03/22 14:54:17 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2011/03/04 20:39:15 | 000,778,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/04 20:33:15 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/04 20:33:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/04 20:33:14 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/02/27 09:18:12 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2011/02/27 09:09:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/27 09:03:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/04/01 09:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/08/27 17:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 12:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/29 07:09:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2011/04/29 07:09:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2011/07/07 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Autodesk
[2011/07/07 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\ESET
[2011/07/07 17:00:01 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\IObit
[2011/07/09 23:44:24 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\uTorrent
[2011/06/16 14:25:03 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 16:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\ERDNT\cache86\explorer.exe
[2010/11/20 23:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 23:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 23:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Aurora\uninstall\helper.exe" /HideShortcuts [2011/07/11 06:32:58 | 000,705,620 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Aurora\uninstall\helper.exe" /ShowShortcuts [2011/07/11 06:32:58 | 000,705,620 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Aurora\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/07/11 06:32:58 | 000,705,620 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Aurora\firefox.exe [2011/07/11 06:32:58 | 000,917,504 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Aurora\firefox.exe" -preferences [2011/07/11 06:32:58 | 000,917,504 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Aurora\firefox.exe" -safe-mode [2011/07/11 06:32:58 | 000,917,504 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/21 23:35:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/21 23:35:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/21 23:35:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/04/21 23:35:27 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/04/21 23:35:27 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\AURORA\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/07/11 06:32:58 | 000,705,620 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\AURORA\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/07/11 06:32:58 | 000,705,620 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\AURORA\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/07/11 06:32:58 | 000,705,620 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\AURORA\FIREFOX.EXE [2011/07/11 06:32:58 | 000,917,504 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\AURORA\FIREFOX.EXE" -PREFERENCES [2011/07/11 06:32:58 | 000,917,504 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\AURORA\FIREFOX.EXE" -SAFE-MODE [2011/07/11 06:32:58 | 000,917,504 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/21 23:35:26 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/21 23:35:26 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/21 23:35:26 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/04/21 23:35:27 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/04/21 23:35:27 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 1225 bytes -> C:\ProgramData\Microsoft:LGtsQz9znm4KBfulwAvxzE83V
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:471C4A2D
@Alternate Data Stream - 1165 bytes -> C:\ProgramData\Microsoft:jJL1ieilfBeRn6OdlgiJGdlc93i

< End of report >



EXTRAS:

OTL Extras logfile created on: 7/11/2011 1:03:47 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Timothy\Desktop
64bit- Ultimate Edition Service Pack 3 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 68.10% Memory free
7.00 Gb Paging File | 5.42 Gb Available in Paging File | 77.44% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 723.48 Gb Free Space | 77.68% Space Free | Partition Type: NTFS

Computer Name: TIMOTHY-PC | User Name: Timothy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{35B226DA-E3F6-21FD-31AB-0046C6E87043}" = ATI Problem Report Wizard
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel
"{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
"{57A55288-6BA7-47F4-9F6D-9E4086463471}" = ESET Smart Security
"{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24 (64-bit)
"{698EDD46-FC0B-926F-54DF-23B6BB20EDFC}" = AMD Drag and Drop Transcoding
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B45B5123-C009-F8B4-FE93-45B42C8A786F}" = ATI AVIVO64 Codecs
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C616FD4F-11F5-11E0-A38F-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E06AF9BE-E1D6-4867-8DBF-74E4BA32BBB3}" = DAP Plug-in for 64 Bit IE
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAE188FD-A941-49E9-A5E9-F6D88517EC40}" = Smart Recovery B09.1218.1 (x64)
"Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"GCFScape_is1" = GCFScape 1.8.2
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = AMD VISION Engine Control Center
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B80BE2E3-EA77-53D4-7A56-C53D452E6D50}" = HydraVision
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EADD5291-5EF0-41E4-B12F-F3CF4B976D97}_is1" = Web 3D Player
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F5DDF8AC-FF00-45DE-A982-13F6CFF7A944}" = Halo Editing Kit Plus
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Akamai" = Akamai NetSession Interface
"ArmA 2" = ArmA 2 Uninstall
"Aurora 7.0a2 (x86 en-US)" = Aurora 7.0a2 (x86 en-US)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.12.6
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"Fraps" = Fraps
"Halo CE" = Microsoft Halo Custom Edition
"HP Photo Creations" = HP Photo Creations
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"Six Updater Suite" = Six Updater Suite
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"Steam App 211" = Source SDK
"Steam App 218" = Source SDK Base 2007
"Steam App 240" = Counter-Strike: Source
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VTFEdit_is1" = VTFEdit 1.2.5
"WinLiveSuite" = Windows Live Essentials
"x264vfw64" = x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only)
"Xfire" = Xfire (remove only)
"xNormal 3.17.5" = xNormal 3.17.5
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1441474589-596432395-1113266856-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free (PTE) (Timothy)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


ASWMBR:


aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-11 13:28:01
-----------------------------
13:28:01.225 OS Version: Windows x64 6.1.7601 Service Pack 3
13:28:01.225 Number of processors: 4 586 0x403
13:28:01.225 ComputerName: TIMOTHY-PC UserName: Timothy
13:28:07.086 Initialize success
13:29:33.877 AVAST engine defs: 11071001
13:29:40.261 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
13:29:40.262 Disk 0 Vendor: ST31000524AS JC45 Size: 953869MB BusType: 3
13:29:42.273 Disk 0 MBR read successfully
13:29:42.274 Disk 0 MBR scan
13:29:42.276 Disk 0 Windows 7 default MBR code
13:29:42.277 Service scanning
13:29:43.305 Disk 0 trace - called modules:
13:29:43.307 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:29:43.309 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a54060]
13:29:43.311 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8003aea550]
13:29:43.313 5 ACPI.sys[fffff88000f307a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8003ae7060]
13:29:46.651 AVAST engine scan C:\Windows
13:34:25.857 File: C:\Windows\System32\drivers\en-US\bfe.dll.mui **SUSPICIOUS**
13:34:26.336 File: C:\Windows\System32\drivers\en-US\ndiscap.sys.mui **SUSPICIOUS**
13:34:26.415 File: C:\Windows\System32\drivers\en-US\pacer.sys.mui **SUSPICIOUS**
13:34:26.561 File: C:\Windows\System32\drivers\en-US\qwavedrv.sys.mui **SUSPICIOUS**
13:34:26.661 File: C:\Windows\System32\drivers\en-US\scfilter.sys.mui **SUSPICIOUS**
13:34:26.762 File: C:\Windows\System32\drivers\en-US\tcpip.sys.mui **SUSPICIOUS**
13:34:31.079 File: C:\Windows\System32\drivers\secdrv.sys **SUSPICIOUS**
13:34:33.152 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
13:55:19.258 AVAST engine scan C:\Users\Timothy
13:59:33.929 AVAST engine scan C:\ProgramData
14:01:07.396 Scan finished successfully
14:02:59.239 Disk 0 MBR has been saved successfully to "C:\Users\Timothy\Desktop\MBR.dat"
14:02:59.242 The log file has been saved successfully to "C:\Users\Timothy\Desktop\aswMBR.txt"
  • 0

#6
Essexboy
Posted 11 July 2011 - 11:16 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We can ignore the suspicious entries from aswMBR as the are OK. Is the graphics card still overclocked ?
On completion of this run can you let me know what the current problems are, is it still slow in starting/freezing

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    @Alternate Data Stream - 1225 bytes -> C:\ProgramData\Microsoft:LGtsQz9znm4KBfulwAvxzE83V
    @Alternate Data Stream - 1165 bytes -> C:\ProgramData\Microsoft:jJL1ieilfBeRn6OdlgiJGdlc93i

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
SikOrSky12
Posted 11 July 2011 - 10:45 PM

SikOrSky12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
The Graphics card is Factory Overclocked, i did overclock them further than the Factory overclocked settings ages ago but i set them back to default about a week after i changed them. So yes it's still factory overclocked, but seeming its factory Oc'ed it should be fine?
Start up and shutdown speeds seem fine, i haven't occurred any BSoDs yet or freezes but i haven't had time to properly test. I also forgot to mention that after i log on before it shows my desktop background, taskbar and icons it stays on a black screen for about 10 seconds then loads the desktop etc, is this a problem with my computer also?

here is the log:

OTL logfile created on: 7/12/2011 2:35:15 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Timothy\Desktop\scanners
64bit- Ultimate Edition Service Pack 3 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.09% Memory free
7.00 Gb Paging File | 5.44 Gb Available in Paging File | 77.71% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 721.42 Gb Free Space | 77.45% Space Free | Partition Type: NTFS

Computer Name: TIMOTHY-PC | User Name: Timothy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/11 13:01:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\scanners\OTL.exe
PRC - [2011/06/30 22:45:04 | 002,918,576 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files (x86)\DAP\DAP.exe
PRC - [2011/06/04 14:27:06 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2010/11/04 16:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/11/20 21:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 16:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe


========== Modules (SafeList) ==========

MOD - [2011/07/11 13:01:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Timothy\Desktop\scanners\OTL.exe
MOD - [2010/11/20 21:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/28 13:28:06 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/05/25 13:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2010/11/04 16:18:12 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/11/04 16:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/06/30 08:10:48 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/04 14:27:06 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/04/05 09:28:00 | 004,004,328 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011/03/21 11:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/03/13 13:00:43 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 16:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/25 14:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/25 12:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/31 16:27:29 | 000,026,424 | --S- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DRIVER_BIN64 -- (DRIVER_B)
DRV:64bit: - [2011/03/31 04:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/03 05:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 11:31:26 | 000,171,152 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/07/29 11:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 11:31:26 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/07/29 11:31:26 | 000,033,632 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/27 13:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/12/18 08:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/11/20 21:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 21:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/21 02:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/10 07:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 15:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2011/07/12 14:32:27 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/06/26 13:42:00 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [2005/01/02 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 2A DC 6A 0F D6 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....ome.php?ref=hp"

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=4.0: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@web3d.com/Web 3D Player,version=2.0: C:\Program Files (x86)\Web 3D Player\npgamecore.dll (Helios Interactive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/18 23:00:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2011/07/05 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/05 17:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/07/11 18:44:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins [2011/06/18 23:01:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/02/27 11:42:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files (x86)\DAP\DAPFireFox [2011/06/30 22:45:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/06/18 23:00:56 | 000,000,000 | ---D | M]

[2011/07/11 19:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Extensions
[2011/07/11 18:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\i6iwrqtm.default\extensions
[2011/07/11 19:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timothy\AppData\Roaming\Mozilla\Firefox\Profiles\rs0ljvq8.default\extensions

O1 HOSTS File: ([2011/07/12 14:30:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\DAPIELoader64.dll (SpeedBit Ltd.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files (x86)\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\Gigabyte\GBTUpd\PreRun.exe (PreRun)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.53.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/28 13:17:39 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/12 14:30:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/11 14:14:32 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Desktop\scanners
[2011/07/11 02:22:44 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\AdobeUM
[2011/07/10 22:34:00 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Apple
[2011/07/09 23:25:41 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\ApplicationHistory
[2011/07/09 22:39:30 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\ElevatedDiagnostics
[2011/07/08 02:00:00 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Adobe
[2011/07/07 21:52:18 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Autodesk
[2011/07/07 21:52:14 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Autodesk
[2011/07/07 18:07:15 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\ATI
[2011/07/07 18:06:50 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\ESET
[2011/07/07 18:06:50 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\ESET
[2011/07/07 18:06:41 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\uTorrent
[2011/07/07 17:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
[2011/07/07 17:33:43 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\Fallout3
[2011/07/07 17:00:01 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\IObit
[2011/07/07 11:34:27 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Xfire
[2011/07/07 11:23:38 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Macromedia
[2011/07/07 11:23:38 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Adobe
[2011/07/07 11:20:29 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Local\ATI
[2011/07/06 19:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2011/07/06 19:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2011/07/06 19:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
[2011/07/05 21:50:00 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelIXB
[2011/07/05 20:46:33 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Desktop\FiresToolBox - Batch Bitmap Extractor
[2011/07/05 20:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/07/05 20:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/07/05 20:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/07/04 23:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteelIXB
[2011/07/04 19:13:34 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Movies
[2011/06/30 22:45:06 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\My Completed Downloads
[2011/06/30 22:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
[2011/06/30 14:06:37 | 000,000,000 | ---D | C] -- C:\Users\Timothy\.bitrock
[2011/06/30 14:05:49 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\xNormal
[2011/06/29 23:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw64
[2011/06/29 23:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\x264vfw64
[2011/06/29 23:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw
[2011/06/29 23:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/06/29 23:46:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2011/06/29 23:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Santiago Orgaz
[2011/06/29 23:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\Santiago Orgaz
[2011/06/28 21:15:54 | 000,000,000 | R--D | C] -- C:\Users\Timothy\Documents\Scanned Documents
[2011/06/28 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Fax
[2011/06/28 15:08:40 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\FOMM
[2011/06/28 14:58:08 | 000,000,000 | ---D | C] -- C:\Games
[2011/06/26 23:31:12 | 000,000,000 | ---D | C] -- C:\gmax
[2011/06/26 13:41:44 | 000,000,000 | ---D | C] -- C:\Users\Timothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/06/25 17:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2011/06/24 19:08:46 | 000,000,000 | ---D | C] -- C:\Users\Timothy\Documents\Rockstar Games
[2011/06/24 15:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft Beta
[2011/06/18 23:01:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/06/18 23:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2011/06/18 23:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar Installer
[2011/06/18 23:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/06/18 23:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2011/06/18 23:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2011/06/18 23:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2011/06/18 23:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/06/18 22:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/06/18 22:58:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/06/18 22:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/06/18 22:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/06/18 22:56:26 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/06/18 22:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/06/12 19:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation

========== Files - Modified Within 30 Days ==========

[2011/07/12 14:32:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/12 14:31:21 | 000,025,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/12 14:31:21 | 000,025,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/12 14:30:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/07/12 12:47:36 | 000,792,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/12 12:47:36 | 000,668,900 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/12 12:47:36 | 000,125,086 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/11 18:44:36 | 000,001,222 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/11 14:34:27 | 448,819,985 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/10 15:40:24 | 000,000,095 | ---- | M] () -- C:\Users\Timothy\AppData\Local\fusioncache.dat
[2011/07/07 17:43:54 | 000,001,290 | ---- | M] () -- C:\Users\Timothy\Desktop\Fallout Mod Manager.lnk
[2011/07/05 21:50:00 | 000,002,995 | ---- | M] () -- C:\Users\Timothy\Desktop\Halo Editing Kit Plus.lnk
[2011/07/05 20:57:47 | 004,853,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/02 12:09:47 | 000,002,220 | ---- | M] () -- C:\Users\Timothy\Desktop\Halo Custom Edition.lnk
[2011/07/01 11:53:56 | 000,050,169 | ---- | M] () -- C:\Users\Timothy\Desktop\sknife.jpg
[2011/06/30 22:45:04 | 000,109,216 | ---- | M] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011/06/27 15:55:09 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 13:42:00 | 000,011,376 | ---- | M] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2011/06/25 15:08:34 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/06/25 15:08:34 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/06/25 11:18:17 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/06/25 04:51:18 | 000,036,352 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/06/18 23:09:29 | 000,208,103 | ---- | M] () -- C:\Windows\hpoins47.dat

========== Files Created - No Company Name ==========

[2011/07/11 18:44:36 | 000,001,222 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/10 15:40:24 | 000,000,095 | ---- | C] () -- C:\Users\Timothy\AppData\Local\fusioncache.dat
[2011/07/07 17:43:54 | 000,001,290 | ---- | C] () -- C:\Users\Timothy\Desktop\Fallout Mod Manager.lnk
[2011/07/05 21:50:00 | 000,002,995 | ---- | C] () -- C:\Users\Timothy\Desktop\Halo Editing Kit Plus.lnk
[2011/07/04 06:51:52 | 448,819,985 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/07/01 11:53:55 | 000,050,169 | ---- | C] () -- C:\Users\Timothy\Desktop\sknife.jpg
[2011/06/30 22:45:02 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011/06/30 14:09:23 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2011/06/30 14:09:23 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/30 14:09:23 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2011/06/30 14:09:23 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/30 14:09:23 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2011/06/30 14:09:23 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2011/06/27 15:55:09 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/26 13:42:01 | 000,011,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2011/06/26 13:41:44 | 000,002,220 | ---- | C] () -- C:\Users\Timothy\Desktop\Halo Custom Edition.lnk
[2011/06/25 04:51:18 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/06/18 23:01:48 | 000,001,380 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/06/18 22:55:43 | 000,208,103 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/10 20:35:19 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/06 23:02:32 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/04/30 18:32:44 | 000,000,016 | RH-- | C] () -- C:\Users\Timothy\AppData\Local\D28F2E04.ini
[2011/04/12 20:56:16 | 000,061,782 | ---- | C] () -- C:\Windows\SysWow64\wbers.dat.dmp
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/26 21:48:02 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011/03/26 20:45:03 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/03/22 14:54:17 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2011/03/04 20:39:15 | 000,778,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/04 20:33:15 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/04 20:33:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/04 20:33:14 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/02/27 09:18:12 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2011/02/27 09:09:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/27 09:03:11 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/04/01 09:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2009/09/16 18:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/08/27 17:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009/07/14 15:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 12:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 12:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 10:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/07 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\Autodesk
[2011/07/07 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\ESET
[2011/07/07 17:00:01 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\IObit
[2011/07/09 23:44:24 | 000,000,000 | ---D | M] -- C:\Users\Timothy\AppData\Roaming\uTorrent
[2011/06/16 14:25:03 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:553CA6CA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:471C4A2D

< End of report >
  • 0

#8
SikOrSky12
Posted 11 July 2011 - 11:19 PM

SikOrSky12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Ok i got another one, i was playing a game called fallout 3 and it froze then shutdown my computer and it said on my moniter "no signal" then it went to a blue screen saying this:

STOP: C000021a {Fatal System Error}
The windows SubSystem system process terminated unexpectedly with a status of 0x80000003 (0xfd712e18 0x00b6f410).
The system has been shut down.

so im still getting freezes and stuff
  • 0

#9
Essexboy
Posted 12 July 2011 - 10:48 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

shutdown my computer and it said on my moniter "no signal" then it went to a blue screen saying this:
STOP: C000021a {Fatal System Error}
The windows SubSystem system process terminated unexpectedly with a status of 0x80000003 (0xfd712e18 0x00b6f410).
The system has been shut down.

Sound very much like a card problem to me

Lets try a clean boot and see if that resolves the problem

Could you follow the steps on this MS Page and let me know if that resolves the problem - if so at what driver/service did the BSOD/freezes reappear
  • 0

#10
SikOrSky12
Posted 12 July 2011 - 08:13 PM

SikOrSky12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
ok i followed the first few steps and disabled half of my services (excluding microsoft ones) ran fallout 3 after about 5 minutes it crashed and i got a BSOD saying this:

dxgmms1.sys
PAGE_FAULT_IN_NONPAGED_AREA
STOP:0x00000050

is this what you are looking for? also i had never gotten this BSOD before, i used to always get atikmdag.sys ones but then i re-installed the latest driver and i haven't gotten it since. Also i dont seem to be getting freezes and crashes on start up anymore (well not that i know of anyway) i'm starting to think its just Fallout 3 because i can play any other game without crashing like Crysis 1-2 and these are all maxed out (settings) as well so i can actually run the games. So what should i do?

Edited by SikOrSky12, 12 July 2011 - 08:21 PM.

  • 0

Advertisements

#11
SikOrSky12
Posted 13 July 2011 - 04:12 AM

SikOrSky12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
ok its not just fallout 3 as i was playing cod 4 and it crashed as well. here is another BSOD ugh....

BAD_POOL_HEADER
STOP: 0x00000019
  • 0

#12
Essexboy
Posted 13 July 2011 - 11:36 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sounds like it may be a hardware problem

If you have more than one RAM module installed, try starting computer with one RAM stick at a time.

NOTE Keep in mind, the manual check listed above is always superior to the software check, listed below. DO NOT proceed with memtest, if you can go with option A

B. If you have only one RAM stick installed...
...run memtest...

1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86+-2.11.iso.zip file.
3. Inside, you'll find memtest86+-2.11.iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on Browse for a file... icon:

Posted Image

8. Locate memtest86+-2.11.iso file, and click Open button.
9. Click on ImgBurn green arrow to start burning bootable memtest86 CD:

Posted Image

10. Once the CD is created, boot from it, and memtest will automatically start to run. You may have to change the boot sequence in your BIOS to make it work right.

To change Boot Sequence in your BIOS

Reboot the system and at the first post screen (where it is counting up memory) start tapping the DEL button
This will enter you into the Bios\Cmos area.
Find the Advanced area and click Enter
Look for Boot Sequence or Boot Options and highlight that click Enter
Now highlight the first drive and follow the directions on the bottom of the screen on how to modify it and change it to CDrom.
Change the second drive to the C or Main Drive
Once that is done then click F10 to Save and Exit
You will prompted to enter Y to verify Save and Exit. Click Y and the system will now reboot with the new settings.


The running program will look something like this depending on the size and number of ram modules installed:


Posted Image

It's recommended to run 5-6 passes. Each pass contains very same 8 tests.

This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.

Posted Image

The following image is the test results area:

Posted Image

The most important item here is the “errors” line. If you see ANY errors, even one, most likely, you have bad RAM.
  • 0

#13
SikOrSky12
Posted 14 July 2011 - 04:42 AM

SikOrSky12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
by option A did you mean take out the Ram stick from the motherboard? because i didnt want to do that (i hate 2 2gb ram sticks)

Anyway i did option B and ran Memtest and did 8 (eight) passes (i forgot how many i was supposed to do) and i received no errors.

So it must be my gpu seeming i got a BSOD ages ago and i searched up on it (the bsod was about atikmdag.sys or something like that) and it generally occurs because of a ati gpu driver or hardware problem.

so what should i do?
  • 0

#14
Essexboy
Posted 14 July 2011 - 10:18 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
With ruling out a main RAM problem it is defiinitely being narrowed down now to the card or the leads/monitor, do you have a spare video card you could insert and then test out ?
  • 0

#15
SikOrSky12
Posted 14 July 2011 - 10:42 PM

SikOrSky12

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
well i had a gpu that was inbuilt into the motherboard, otherwise no i don't have a proper gpu.

also i ran a diskcheck (it went for about 4 hours) and cleaned the C drive and also ran a SFC scan which repairs corrupted windows files etc, and scanning through the log it has repaired alot of system files and some are still corrupted, well atleast it did something anyway.

Ugh...another BSOD this one is also caused by the video card well after some research anyway, but maye you know more about this one.

STOP: 0x0000003B SYSTEM_SERVICE_EXCEPTION

Edited by SikOrSky12, 15 July 2011 - 09:01 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP