OTL.Txt
OTL logfile created on: 3/31/2013 6:36:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kwai-Tat\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.96 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 66.18% Memory free
5.92 Gb Paging File | 4.75 Gb Available in Paging File | 80.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 165.54 Gb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive E: | 1.84 Gb Total Space | 1.84 Gb Free Space | 99.88% Space Free | Partition Type: FAT
Computer Name: KWAI-TAT-PC | User Name: Kwai-Tat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/31 18:34:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kwai-Tat\Downloads\OTL.exe
PRC - [2013/01/23 14:42:10 | 000,016,896 | ---- | M] (Brand Affinity Technologies) -- C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
PRC - [2012/05/10 10:28:10 | 000,252,264 | ---- | M] (Vertro Inc.) -- C:\Users\Kwai-Tat\AppData\LocalLow\alotservice\alotservice.exe
PRC - [2012/03/30 00:10:45 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/10/29 05:57:24 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/08/17 10:29:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 17:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/05 06:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
PRC - [2009/05/05 06:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2006/12/19 05:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SysWOW64\SAgent4.exe
========== Modules (No Company Name) ==========
MOD - [2009/07/14 00:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/14 00:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/14 00:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2009/06/18 22:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
========== Services (SafeList) ==========
SRV:64bit: - [2009/07/16 21:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/01/23 14:42:10 | 000,016,896 | ---- | M] (Brand Affinity Technologies) [Auto | Running] -- C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe -- (FTSvc)
SRV - [2013/01/08 15:41:40 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/10 10:28:10 | 000,252,264 | ---- | M] (Vertro Inc.) [Auto | Running] -- C:\Users\Kwai-Tat\AppData\LocalLow\alotservice\alotservice.exe -- (AlotService)
SRV - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/10/29 06:03:30 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/08/17 10:29:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/06/29 00:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/05/05 06:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms)
SRV - [2009/03/02 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)
SRV - [2006/12/19 05:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\SysWOW64\SAgent4.exe -- (StatusAgent4)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/06/14 07:58:59 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2012/06/11 01:02:31 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/09/21 20:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/09/21 20:35:58 | 000,120,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NISx64\1008030.006\symfw.sys -- (SYMFW)
DRV:64bit: - [2011/09/21 20:35:58 | 000,056,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NISx64\1008030.006\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2010/01/20 17:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/10/29 06:06:15 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/10/29 06:06:15 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/10/29 06:06:15 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/10/29 06:06:15 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/07/16 21:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/29 00:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 23:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/08 04:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/03/25 02:28:56 | 000,230,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/06/14 14:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120710.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/08/11 02:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/08/11 02:00:00 | 000,131,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B2C541EA-428E-482D-B50A-A344F1BB6F9E}
IE:64bit: - HKLM\..\SearchScopes\{B2C541EA-428E-482D-B50A-A344F1BB6F9E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D19B9542-F9C2-4446-85A5-F6272EBE0C53}
IE - HKLM\..\SearchScopes\{D19B9542-F9C2-4446-85A5-F6272EBE0C53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {B2C541EA-428E-482D-B50A-A344F1BB6F9E}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {B2C541EA-428E-482D-B50A-A344F1BB6F9E}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2412138798-2614356586-3247037954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2412138798-2614356586-3247037954-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/
IE - HKU\S-1-5-21-2412138798-2614356586-3247037954-1000\..\SearchScopes,DefaultScope = {D19B9542-F9C2-4446-85A5-F6272EBE0C53}
IE - HKU\S-1-5-21-2412138798-2614356586-3247037954-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.2.1000.1(B)
IE - HKU\S-1-5-21-2412138798-2614356586-3247037954-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Kwai-Tat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Kwai-Tat\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Kwai-Tat\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kwai-Tat\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kwai-Tat\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/03/29 04:13:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2012/06/14 23:55:15 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
O2 - BHO: (Fantapper) - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll ()
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro, Inc)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2412138798-2614356586-3247037954-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2412138798-2614356586-3247037954-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2412138798-2614356586-3247037954-1000..\Run: [Diagnostics] rundll32.exe "C:\Users\Kwai-Tat\AppData\Local\PowerDVD DX\Diagnostics\ihkpbqo.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-21-2412138798-2614356586-3247037954-1000..\Run: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_SCD0E.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Kwai-Tat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F9EF2F3-C081-4CB1-A627-A3234B9F89C5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB1D6E5C-BCF5-4D19-8916-C4629C689CEB}: DhcpNameServer = 192.168.5.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/03/30 02:24:11 | 000,000,000 | ---D | C] -- C:\FRST
[2013/03/29 05:09:58 | 000,000,000 | ---D | C] -- C:\Emergency
[2013/03/26 20:48:10 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/03/08 01:27:30 | 000,000,000 | ---D | C] -- C:\Users\Kwai-Tat\AppData\Roaming\Mozilla
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/31 18:35:35 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/31 18:35:35 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/31 18:32:15 | 000,713,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/31 18:32:15 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/31 18:32:15 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/31 18:27:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/31 18:27:17 | 2386,317,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/13 12:24:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2412138798-2614356586-3247037954-1000UA.job
[2013/03/13 11:23:56 | 399,166,425 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/03 01:59:36 | 000,132,805 | ---- | M] () -- C:\1542715.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/03 01:57:29 | 000,132,805 | ---- | C] () -- C:\1542715.exe
[2013/01/24 17:18:49 | 000,000,280 | ---- | C] () -- C:\Windows\_delis32.ini
[2013/01/24 17:07:47 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012/10/25 21:48:07 | 000,097,641 | ---- | C] () -- C:\ProgramData\podevzufourliny
[2012/06/20 12:18:27 | 000,006,144 | ---- | C] () -- C:\Users\Kwai-Tat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/11 14:41:06 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/03/11 14:41:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/03/11 14:41:06 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/03/11 14:41:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/03/11 14:41:06 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/03/11 14:41:06 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/03/11 14:41:06 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/03/11 14:41:06 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/03/11 14:41:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/03/11 14:41:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/03/11 14:41:06 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/03/11 14:41:06 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/03/11 14:41:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/03/11 14:41:06 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/03/11 14:41:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/03/11 14:41:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/03/11 14:38:33 | 000,000,088 | ---- | C] () -- C:\Windows\ENX420.ini
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Kwai-Tat\AppData\Local\{6d77119a-3bf4-466b-abc7-57f69c2cd1a9}\n.
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2009/07/13 21:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 21:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========
========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\alg.exe -- (ALG)
No service found with a name of BITS
No service found with a name of BFE
SRV:
64bit: - [2009/07/13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\lsass.exe -- (KeyIso)
SRV:
64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\es.dll -- (EventSystem)
SRV:
64bit: - [2009/07/13 21:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\browser.dll -- (Browser)
SRV:
64bit: - [2009/07/13 21:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/13 21:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:
64bit: - [2009/07/13 21:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\rpcss.dll -- (DcomLaunch)
SRV:
64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:
64bit: - [2009/07/13 21:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:
64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\eapsvc.dll -- (EapHost)
SRV:
64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV:
64bit: - [2009/07/13 21:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:
64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\swprv.dll -- (swprv)
SRV:
64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SysNative\mmcss.dll -- (MMCSS)
SRV:
64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\netman.dll -- (Netman)
SRV:
64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysWOW64\netprofm.dll -- (netprofm)
SRV:
64bit: - [2009/07/13 21:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\nlasvc.dll -- (NlaSvc)
SRV:
64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\nsisvc.dll -- (nsi)
SRV:
64bit: - [2009/07/13 21:41:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:
64bit: - [2009/07/13 21:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\spoolsv.exe -- (Spooler)
SRV:
64bit: - [2009/07/13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:
64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\rasauto.dll -- (RasAuto)
SRV:
64bit: - [2009/07/13 21:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\rasmans.dll -- (RasMan)
SRV:
64bit: - [2009/07/13 21:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\rpcss.dll -- (RpcSs)
SRV:
64bit: - [2009/07/13 21:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\seclogon.dll -- (seclogon)
SRV:
64bit: - [2009/07/13 21:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV:
64bit: - [2009/07/13 21:41:54 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\srvsvc.dll -- (LanmanServer)
SRV:
64bit: - [2009/07/13 21:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/13 21:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:
64bit: - [2009/07/13 21:41:53 | 001,104,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\schedsvc.dll -- (Schedule)
SRV:
64bit: - [2009/07/13 21:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 21:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:
64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\themeservice.dll -- (Themes)
SRV:
64bit: - [2009/07/13 21:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\profsvc.dll -- (ProfSvc)
SRV:
64bit: - [2009/07/13 21:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\VSSVC.exe -- (VSS)
SRV:
64bit: - [2009/07/13 21:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\audiosrv.dll -- (AudioSrv)
SRV:
64bit: - [2009/07/13 21:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:
64bit: - [2009/07/13 21:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:
64bit: - [2009/07/13 21:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV:
64bit: - [2009/07/13 21:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wiaservc.dll -- (stisvc)
SRV:
64bit: - [2009/07/13 21:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/13 21:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:
64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
No service found with a name of wuauserv
SRV:
64bit: - [2009/07/13 21:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\dot3svc.dll -- (dot3svc)
SRV:
64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wlansvc.dll -- (Wlansvc)
SRV:
64bit: - [2009/07/13 21:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysNative\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
[2013/03/03 01:59:36 | 000,132,805 | ---- | M] () -- C:\1542715.exe
[2013/02/14 08:30:27 | 000,077,128 | ---- | M] () -- C:\wgsdgsdgdsgsd.exe
< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\WINDOWS\SysWOW64\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\WINDOWS\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PNG >
[2009/04/22 15:08:52 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\Images\icons\png\24_24\services.png
< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\FRST\Quarantine\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\WINDOWS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
< >
========== Files - Unicode (All) ==========
[2013/02/01 11:33:42 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\?j?mlotserviceruntime.log) -- C:\Windows\SysWow64\j᎘mlotserviceruntime.log
[2013/02/01 11:33:42 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\?j?mlotserviceruntime.log) -- C:\Windows\SysWow64\j᎘mlotserviceruntime.log
[2012/12/31 14:57:55 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\?m?nlotserviceruntime.log) -- C:\Windows\SysWow64\m嗰nlotserviceruntime.log
[2012/12/31 14:57:55 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\?m?nlotserviceruntime.log) -- C:\Windows\SysWow64\m嗰nlotserviceruntime.log
[2012/06/03 02:25:55 | 000,000,053 | ---- | M] ()(C:\Windows\SysWow64\?8?7lotserviceruntime.log) -- C:\Windows\SysWow64\듰8픀7lotserviceruntime.log
[2012/06/03 02:25:55 | 000,000,053 | ---- | C] ()(C:\Windows\SysWow64\?8?7lotserviceruntime.log) -- C:\Windows\SysWow64\듰8픀7lotserviceruntime.log
< End of report >
Extras.Txt
OTL Extras logfile created on: 3/31/2013 6:36:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kwai-Tat\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.96 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 66.18% Memory free
5.92 Gb Paging File | 4.75 Gb Available in Paging File | 80.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 165.54 Gb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive E: | 1.84 Gb Total Space | 1.84 Gb Free Space | 99.88% Space Free | Partition Type: FAT
Computer Name: KWAI-TAT-PC | User Name: Kwai-Tat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java 6 Update 14 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"HDMI" = Intel® Graphics Media Accelerator Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}" = Dell Communications (Support Software)
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57570C54-7615-4925-8219-895F01EBB16B}" = Fantapper Updater
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{954FC3E4-61C1-43BC-AB13-F0CCF145716D}" = Windows Live 程式集
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A7E7E283-8AB2-3EFE-A3BD-8482F72BAFCF}" = Google Talk Plugin
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CDACD4C9-F984-409A-9D26-DF77E003FD89}" = Fantapper Player
"{D436D212-1381-485A-BE46-32E1E2A95D98}" = Windows Live UX Platform Language Pack
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"alotAppbar" = ALOT Appbar
"Cisco Connect" = Cisco Connect
"Dell Webcam Central" = Dell Webcam Central
"EPSON Scanner" = EPSON Scan
"GoToAssist" = GoToAssist 8.0.0.514
"NIS" = Norton Internet Security
"PricePeep" = PricePeep for Internet Explorer
"RealPlayer 15.0" = RealPlayer
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2412138798-2614356586-3247037954-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"blinkx beat" = blinkx beat
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/26/2013 9:16:39 AM | Computer Name = Kwai-Tat-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: IEInstaller.dll, version: 2.0.3.1, time
stamp: 0x4f95f207 Exception code: 0xc0000005 Fault offset: 0x00005838 Faulting process
id: 0x179c Faulting application start time: 0x01ce2a2421934dfe Faulting application
path: C:\Program Files (x86)\internet explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
Report
Id: 642b10cf-9617-11e2-ad39-0025646d2a03
Error - 3/26/2013 9:16:47 AM | Computer Name = Kwai-Tat-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: IEInstaller.dll, version: 2.0.3.1, time
stamp: 0x4f95f207 Exception code: 0xc0000005 Fault offset: 0x00005838 Faulting process
id: 0x10dc Faulting application start time: 0x01ce2a2428e24795 Faulting application
path: C:\Program Files (x86)\internet explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
Report
Id: 68df891a-9617-11e2-ad39-0025646d2a03
Error - 3/26/2013 11:56:56 AM | Computer Name = Kwai-Tat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid. .
Error - 3/26/2013 12:00:25 PM | Computer Name = Kwai-Tat-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16385,
time stamp: 0x4a5bc9bb Faulting module name: SHELL32.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be054 Exception code: 0xc000041d Fault offset: 0x000000000005c6a5
Faulting
process id: 0x6fc Faulting application start time: 0x01ce2a3a87533eb3 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\SHELL32.dll
Report
Id: 44f12a30-962e-11e2-ad3b-0025646d2a03
Error - 3/26/2013 12:07:27 PM | Computer Name = Kwai-Tat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid. .
Error - 3/26/2013 12:11:04 PM | Computer Name = Kwai-Tat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid. .
Error - 3/26/2013 12:14:15 PM | Computer Name = Kwai-Tat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid. .
Error - 3/26/2013 12:23:36 PM | Computer Name = Kwai-Tat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid. .
Error - 3/26/2013 12:32:13 PM | Computer Name = Kwai-Tat-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16385,
time stamp: 0x4a5bc9bb Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5be02b Exception code: 0xc0000374 Fault offset: 0x00000000000c6cd2
Faulting
process id: 0x6e4 Faulting application start time: 0x01ce2a3f470af1e0 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: b6268a34-9632-11e2-b96a-0025646d2a03
Error - 3/26/2013 12:39:49 PM | Computer Name = Kwai-Tat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download....uthrootstl.cab> with error: The data is invalid. .
[ Broadcom Wireless LAN Events ]
Error - 1/1/2013 2:18:08 PM | Computer Name = Kwai-Tat-PC | Source = WLAN-Tray | ID = 0
Description = 13:18:06, Tue, Jan 01, 13 Error - Unable to gain access to user store
Error - 1/13/2013 1:55:04 AM | Computer Name = Kwai-Tat-PC | Source = WLAN-Tray | ID = 0
Description = 00:55:01, Sun, Jan 13, 13 Error - Unable to gain access to user store
[ Media Center Events ]
Error - 3/26/2013 6:44:39 PM | Computer Name = Kwai-Tat-PC | Source = MCUpdate | ID = 0
Description = 6:44:39 PM - Failed to retrieve MCESpotlight.cab (Error: BITS 0x80070424)
Error - 3/26/2013 6:44:43 PM | Computer Name = Kwai-Tat-PC | Source = MCUpdate | ID = 0
Description = 6:44:43 PM - Failed to retrieve dSM-2.cab (Error: BITS 0x80070424)
6:44:43
PM - Failed to retrieve Logos.cab (Error: BITS 0x80070424) 6:44:43 PM - Failed to
retrieve SMTiles.cab (Error: BITS 0x80070424) 6:44:43 PM - Failed to retrieve UpdateableMarkup.cab
(Error: BITS 0x80070424)
Error - 3/26/2013 6:44:44 PM | Computer Name = Kwai-Tat-PC | Source = MCUpdate | ID = 0
Description = 6:44:44 PM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
0x80070424)
Error - 3/26/2013 6:45:08 PM | Computer Name = Kwai-Tat-PC | Source = MCUpdate | ID = 0
Description = 6:44:51 PM - Failed to retrieve ScheduleSupplement-2.cab (Error: BITS
0x80070424) 6:44:51 PM - Failed to retrieve SportsTemplate-2.cab (Error: BITS 0x80070424)
6:44:51
PM - Failed to retrieve SportsTemplateCore-2.cab (Error: BITS 0x80070424)
Error - 3/26/2013 6:45:20 PM | Computer Name = Kwai-Tat-PC | Source = MCUpdate | ID = 0
Description = 6:45:11 PM - Failed to retrieve Broadband.enc (Error: BITS 0x80070424)
Error - 3/31/2013 6:31:08 PM | Computer Name = Kwai-Tat-PC | Source = MCUpdate | ID = 0
Description = 6:31:08 PM - Failed to retrieve MCESpotlight.cab (Error: BITS 0x80070424)
Error - 3/31/2013 6:31:08 PM | Computer Name = Kwai-Tat-PC | Source = MCUpdate | ID = 0
Description = 6:31:08 PM - Failed to retrieve dSM-2.cab (Error: BITS 0x80070424)
6:31:08 PM - Failed to retrieve Logos.cab (Error: BITS 0x80070424)
6:31:08 PM - Failed to retrieve SMTiles.cab (Error: BITS 0x80070424)
6:31:08 PM - Failed to retrieve UpdateableMarkup.cab (Error: BITS 0x80070424)
Error - 3/31/2013 6:31:09 PM | Computer Name = Kwai-Tat-PC | Source = MCUpdate | ID = 0
Description = 6:31:09 PM - Failed to retrieve SportsSchedule-2.enc (Error: BITS 0x80070424)
Error - 3/31/2013 6:31:10 PM | Computer Name = Kwai-Tat-PC | Source = MCUpdate | ID = 0
Description = 6:31:10 PM - Failed to retrieve ScheduleSupplement-2.cab (Error: BITS 0x80070424)
6:31:10 PM - Failed to retrieve SportsTemplate-2.cab (Error: BITS 0x80070424)
6:31:10 PM - Failed to retrieve SportsTemplateCore-2.cab (Error: BITS 0x80070424)
Error - 3/31/2013 6:31:11 PM | Computer Name = Kwai-Tat-PC | Source = MCUpdate | ID = 0
Description = 6:31:11 PM - Failed to retrieve Broadband.enc (Error: BITS 0x80070424)
[ System Events ]
Error - 3/26/2013 11:04:56 PM | Computer Name = Kwai-Tat-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.
Error - 3/26/2013 11:05:07 PM | Computer Name = Kwai-Tat-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.
Error - 3/26/2013 11:05:07 PM | Computer Name = Kwai-Tat-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.
Error - 3/26/2013 11:05:07 PM | Computer Name = Kwai-Tat-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.
Error - 3/26/2013 11:05:07 PM | Computer Name = Kwai-Tat-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.
Error - 3/26/2013 11:05:07 PM | Computer Name = Kwai-Tat-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.
Error - 3/26/2013 11:05:07 PM | Computer Name = Kwai-Tat-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.
Error - 3/31/2013 6:27:25 PM | Computer Name = Kwai-Tat-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:04:33 PM on ?3/?26/?2013 was unexpected.
Error - 3/31/2013 6:28:24 PM | Computer Name = Kwai-Tat-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 3/31/2013 6:28:24 PM | Computer Name = Kwai-Tat-PC | Source = VDS Basic Provider | ID = 33554433
Description =
< End of report >