OTL Logs:
OTL logfile created on: 8/3/2011 1:11:12 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Keith\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.54% Memory free
15.96 Gb Paging File | 13.77 Gb Available in Paging File | 86.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 755.52 Gb Free Space | 81.12% Space Free | Partition Type: NTFS
Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2011/08/03 13:10:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Downloads\OTL.exe
PRC - [2011/06/22 00:15:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/03 21:08:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/05/25 01:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/05/20 06:44:29 | 004,838,912 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe
PRC - [2011/03/22 03:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/15 06:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
PRC - [2010/11/15 06:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
PRC - [2010/11/01 13:25:36 | 001,374,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2009/07/13 20:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
========== Modules (SafeList) ========== MOD - [2011/08/03 13:10:07 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Downloads\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
========== Win32 Services (SafeList) ========== SRV:
64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:
64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:
64bit: - [2011/03/13 11:45:12 | 000,158,832 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:
64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:
64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:
64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:
64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:
64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:
64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:
64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:
64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:
64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/07/13 17:28:01 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/03 21:08:44 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/05/25 01:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/05/20 06:49:10 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/22 03:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/11/15 06:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ========== DRV:
64bit: - [2011/05/27 02:58:26 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:
64bit: - [2011/05/25 01:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:
64bit: - [2011/05/20 06:44:29 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:
64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:
64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:
64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:
64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:
64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:
64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:
64bit: - [2011/03/13 11:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:
64bit: - [2011/03/13 11:20:10 | 000,156,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:
64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2011/02/08 00:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:
64bit: - [2010/12/22 19:00:24 | 000,017,928 | ---- | M] (ASRock Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AsrHidFilter.sys -- (AsrHidFilter)
DRV:
64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:
64bit: - [2010/09/30 22:35:06 | 000,302,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:
64bit: - [2010/06/23 04:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:
64bit: - [2010/06/11 14:37:14 | 000,015,368 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:
64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:
64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2007/08/17 07:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-262569767-2576275476-1747881736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:splashtopconnect
IE - HKU\S-1-5-21-262569767-2576275476-1747881736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/IE - HKU\S-1-5-21-262569767-2576275476-1747881736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-262569767-2576275476-1747881736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 57 1C C7 E2 16 CC 01 [binary data]
IE - HKU\S-1-5-21-262569767-2576275476-1747881736-1000\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-21-262569767-2576275476-1747881736-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "
http://www.facebook.com/" FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Keith\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Keith\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/08/02 13:22:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/02 13:16:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/05/20 08:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions
[2011/08/02 12:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\qt1xj0zj.default\extensions
[2011/06/22 10:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/05 21:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/22 10:34:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QT1XJ0ZJ.DEFAULT\EXTENSIONS\
[email protected][2011/06/22 00:15:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:
64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110802131635.dll (McAfee, Inc.)
O2:
64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110802131635.dll (McAfee, Inc.)
O2 - BHO: (brincome browser plug-in) - {9FF80F96-5806-53F7-B5DE-CD0D2168E4C1} - C:\Windows\SysWOW64\sqfoaqkgpib.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:
64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:
64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:
64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ojrfghhhvqpsszmf] C:\Windows\SysWow64\sqfoaqkgpib.dll ()
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [svchost.exe] C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\auto.lnk ()
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-262569767-2576275476-1747881736-1000..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKU\S-1-5-21-262569767-2576275476-1747881736-1000..\Run: [Fatal1tySTU] File not found
O4 - HKU\S-1-5-21-262569767-2576275476-1747881736-1000..\Run: [RGSC] File not found
O4 - HKU\S-1-5-21-262569767-2576275476-1747881736-1000..\Run: [zASRockInstantBoot] File not found
O4 - HKU\S-1-5-21-262569767-2576275476-1747881736-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-262569767-2576275476-1747881736-1001..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:
64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:
64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:
64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2011/08/03 12:40:53 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/08/03 12:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/08/03 12:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/08/02 14:50:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/08/02 14:50:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/08/02 13:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2011/08/02 13:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2011/08/02 13:16:34 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2011/08/02 13:16:06 | 000,441,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2011/08/02 13:16:06 | 000,283,744 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2011/08/02 13:16:06 | 000,190,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2011/08/02 13:16:06 | 000,094,992 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2011/08/02 13:16:06 | 000,075,160 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2011/08/02 13:16:06 | 000,063,056 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2011/08/02 13:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/08/02 13:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/08/02 13:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/08/02 13:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2011/08/02 13:10:03 | 000,158,832 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2011/08/02 13:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/07/30 22:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/07/30 22:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/07/30 20:57:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/07/30 20:27:21 | 000,000,000 | ---D | C] -- C:\Users\Keith\Documents\Adobe
[2011/07/30 20:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2011/07/30 20:24:53 | 000,000,000 | ---D | C] -- C:\Users\Keith\Desktop\Adobe
[2011/07/30 16:26:34 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\dvdcss
[2011/07/30 16:25:12 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2011/07/30 16:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2011/07/30 16:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2011/07/30 16:22:27 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Diagnostics
[2011/07/28 00:14:01 | 000,000,000 | ---D | C] -- C:\Users\Keith\riotsGamesLogs
[2011/07/24 13:52:35 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Publish Providers
[2011/07/24 13:51:23 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Sony
[2011/07/24 13:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/07/24 13:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2011/07/24 13:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/07/24 13:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011/07/24 13:48:59 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Sony
[2011/07/09 12:49:32 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\PhotoScape
[2011/07/09 12:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2011/07/09 12:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2011/07/09 12:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/07/09 12:38:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2011/08/03 12:55:09 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 12:55:09 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 12:55:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-262569767-2576275476-1747881736-1000UA.job
[2011/08/03 12:40:53 | 000,002,975 | ---- | M] () -- C:\Users\Keith\Desktop\HiJackThis.lnk
[2011/08/03 12:28:12 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/03 12:28:12 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/03 12:28:12 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/03 12:24:01 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/08/03 12:23:52 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\Kukkqgmbuq.job
[2011/08/03 12:23:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/03 12:23:39 | 2133,864,447 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/03 03:17:32 | 000,271,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/02 16:55:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-262569767-2576275476-1747881736-1000Core.job
[2011/08/02 15:03:46 | 000,007,606 | ---- | M] () -- C:\Users\Keith\AppData\Local\Resmon.ResmonCfg
[2011/07/30 23:06:31 | 000,000,089 | ---- | M] () -- C:\Windows\wininit.ini
[2011/07/30 20:27:06 | 000,001,676 | ---- | M] () -- C:\Users\Keith\Desktop\Audition - Shortcut.lnk
[2011/07/30 20:25:16 | 000,039,551 | ---- | M] () -- C:\Windows\SysWow64\llolvzclcrvghwvsu.exe
[2011/07/30 20:25:13 | 000,368,402 | ---- | M] () -- C:\Program Files (x86)\driverspackv32563.exe
[2011/07/30 20:25:00 | 000,065,536 | RHS- | M] () -- C:\Windows\SysWow64\spopkv.dll
[2011/07/30 16:25:12 | 000,001,196 | ---- | M] () -- C:\Users\Keith\Desktop\Xilisoft DVD Audio Ripper 4.lnk
[2011/07/30 07:34:04 | 000,001,171 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/07/28 05:03:00 | 000,726,528 | ---- | M] () -- C:\Windows\SysWow64\sqfoaqkgpib.dll
[2011/07/24 19:54:00 | 000,109,168 | ---- | M] () -- C:\Users\Keith\Documents\wedding.veg
[2011/07/24 19:11:44 | 047,275,425 | ---- | M] () -- C:\Users\Keith\Desktop\wedding1.mp4
[2011/07/24 18:57:16 | 000,181,160 | ---- | M] () -- C:\Users\Keith\Documents\wedding.veg.bak
[2011/07/24 13:52:21 | 000,002,596 | ---- | M] () -- C:\Users\Keith\Documents\Register Vegas Pro.htm
[2011/07/13 17:30:26 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/07/13 17:30:26 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/13 17:28:47 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/07/09 12:48:32 | 000,001,031 | ---- | M] () -- C:\Users\Keith\Desktop\PhotoScape.lnk
[2011/07/09 12:38:55 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ========== [2011/08/03 12:40:53 | 000,002,975 | ---- | C] () -- C:\Users\Keith\Desktop\HiJackThis.lnk
[2011/08/02 13:17:01 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/07/31 00:15:53 | 000,007,606 | ---- | C] () -- C:\Users\Keith\AppData\Local\Resmon.ResmonCfg
[2011/07/30 23:06:31 | 000,000,089 | ---- | C] () -- C:\Windows\wininit.ini
[2011/07/30 20:27:06 | 000,001,676 | ---- | C] () -- C:\Users\Keith\Desktop\Audition - Shortcut.lnk
[2011/07/30 20:26:01 | 000,002,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition 3.0.lnk
[2011/07/30 20:25:16 | 000,039,551 | ---- | C] () -- C:\Windows\SysWow64\llolvzclcrvghwvsu.exe
[2011/07/30 20:25:13 | 000,368,402 | ---- | C] () -- C:\Program Files (x86)\driverspackv32563.exe
[2011/07/30 20:25:00 | 000,065,536 | RHS- | C] () -- C:\Windows\SysWow64\spopkv.dll
[2011/07/30 20:25:00 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\Kukkqgmbuq.job
[2011/07/30 16:25:12 | 000,001,196 | ---- | C] () -- C:\Users\Keith\Desktop\Xilisoft DVD Audio Ripper 4.lnk
[2011/07/28 05:03:00 | 000,726,528 | ---- | C] () -- C:\Windows\SysWow64\sqfoaqkgpib.dll
[2011/07/24 19:09:21 | 047,275,425 | ---- | C] () -- C:\Users\Keith\Desktop\wedding1.mp4
[2011/07/24 14:42:03 | 000,181,160 | ---- | C] () -- C:\Users\Keith\Documents\wedding.veg.bak
[2011/07/24 14:42:03 | 000,109,168 | ---- | C] () -- C:\Users\Keith\Documents\wedding.veg
[2011/07/24 13:52:21 | 000,002,596 | ---- | C] () -- C:\Users\Keith\Documents\Register Vegas Pro.htm
[2011/07/09 12:48:32 | 000,001,031 | ---- | C] () -- C:\Users\Keith\Desktop\PhotoScape.lnk
[2011/07/09 12:38:55 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/07/05 10:51:53 | 000,000,312 | ---- | C] () -- C:\Users\Keith\Desktop\Curse Client.appref-ms
[2011/06/16 19:43:43 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/06/03 20:56:21 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/05/22 15:16:36 | 000,000,093 | ---- | C] () -- C:\Users\Keith\AppData\Local\fusioncache.dat
[2011/05/21 21:47:01 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/21 21:46:01 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/05/21 21:46:01 | 000,280,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/05/21 21:46:01 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/20 06:51:00 | 000,001,112 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/05/20 06:51:00 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/05/20 06:51:00 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/05/20 06:50:59 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/05/20 06:50:59 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ========== [2011/05/20 08:49:04 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\DeviceVm
[2011/05/20 13:27:10 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\LolClient
[2011/07/09 12:56:16 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\PhotoScape
[2011/07/24 19:03:31 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Publish Providers
[2011/07/24 15:06:52 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Sony
[2011/06/24 12:03:48 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Splashtop
[2011/08/03 12:23:52 | 000,000,306 | -HS- | M] () -- C:\Windows\Tasks\Kukkqgmbuq.job
[2011/07/20 07:56:29 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: SVCHOST.EXE >[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/22 00:15:46 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/22 00:15:46 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/22 00:15:46 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/06/22 00:15:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/06/22 00:15:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/22 00:15:47 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Keith\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Keith\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Keith\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Keith\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/07/08 23:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/13 10:34:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/13 10:34:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/13 10:34:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/06/13 10:34:29 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/06/13 10:34:29 | 000,748,336 | ---- | M] (Microsoft Corporation)
< End of report >
Extras
OTL Extras logfile created on: 8/3/2011 1:11:12 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Keith\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 6.11 Gb Available Physical Memory | 76.54% Memory free
15.96 Gb Paging File | 13.77 Gb Available in Paging File | 86.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 755.52 Gb Free Space | 81.12% Space Free | Partition Type: NTFS
Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-262569767-2576275476-1747881736-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C616FD4F-11F5-11E0-A38F-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{12FAF8C2-0061-429D-B7B4-FF1C9C58A99C}" = THX TruStudio Pro
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 26
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}" = DiRT2 Demo
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F9F5EF72-18CF-4DCF-A721-EC86B94DAC46}" = Splashtop Connect IE
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Audio Ripper 4" = DVD Audio Ripper 4
"EADM" = EA Download Manager
"Fraps" = Fraps (remove only)
"F-Stream Tuning_is1" = F-Stream Tuning v0.1.27.7
"hon" = Heroes of Newerth
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"InstantBoot_is1" = InstantBoot
"llolvzclcrvghwvsu" = Performance Solution Brincome.
"MagniDriver" = marvell 91xx driver
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSC" = McAfee SecurityCenter
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 35110" = Just Cause 2 Demo
"Steam App 35130" = Lara Croft and the Guardian of Light
"Steam App 39230" = Dungeon Siege III Demo
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"VLC media player" = VLC media player 1.1.9
"World of Warcraft" = World of Warcraft
"XFastUsb" = XFastUsb
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-262569767-2576275476-1747881736-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 8/2/2011 3:47:39 PM | Computer Name = Keith-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/2/2011 3:47:39 PM | Computer Name = Keith-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/2/2011 3:47:39 PM | Computer Name = Keith-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/2/2011 3:47:39 PM | Computer Name = Keith-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/2/2011 3:47:40 PM | Computer Name = Keith-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/2/2011 3:48:24 PM | Computer Name = Keith-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 8/2/2011 3:59:28 PM | Computer Name = Keith-PC | Source = ESENT | ID = 215
Description = WinMail (1904) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.
Error - 8/2/2011 3:59:32 PM | Computer Name = Keith-PC | Source = ESENT | ID = 215
Description = WinMail (3536) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.
Error - 8/3/2011 1:30:17 AM | Computer Name = Keith-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.
Error - 8/3/2011 5:37:33 AM | Computer Name = Keith-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7ba58 Exception code: 0xc0000374 Fault offset: 0x000ce653 Faulting
process id: 0x6b4 Faulting application start time: 0x01cc51c0f48c94b2 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 36a26644-bdb4-11e0-bc3f-002522b2bc9c
[ System Events ]
Error - 8/2/2011 3:51:10 PM | Computer Name = Keith-PC | Source = bowser | ID = 8003
Description =
Error - 8/2/2011 3:57:50 PM | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AsrHidFilter
Error - 8/2/2011 4:00:25 PM | Computer Name = Keith-PC | Source = DCOM | ID = 10016
Description =
Error - 8/3/2011 4:16:25 AM | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AsrHidFilter
Error - 8/3/2011 4:17:44 AM | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AsrHidFilter
Error - 8/3/2011 1:23:59 PM | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AsrHidFilter
Error - 8/3/2011 1:26:13 PM | Computer Name = Keith-PC | Source = bowser | ID = 8003
Description =
Error - 8/3/2011 1:38:16 PM | Computer Name = Keith-PC | Source = bowser | ID = 8003
Description =
Error - 8/3/2011 1:50:18 PM | Computer Name = Keith-PC | Source = bowser | ID = 8003
Description =
Error - 8/3/2011 1:50:18 PM | Computer Name = Keith-PC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the computer that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.
< End of report >