ALMOST Fixed 'System Fix'


On Sunday night I was using the 'TV Links' webpage to watch American shows that can't otherwise be got in the UK. It normally has a lot of popups for phone apps and music downloads etc. that I just close. However, this one time all my windows crashed, reopened and crashed again. When I restarted I had the 'System Fix' virus.

I spent all yesterday trying to fix it, and eventually, using a combination of RKill, Malwarebytes, avast and McAfee, it seemed to be got rid of.

I then used unhide.exe and another program to restore the default Windows Vista 64 start menu and shortcuts etc.

Then after another restart, the icons and files for System Fix were back, but it wasn't running and my files were not hidden again. However, I am jittery about it still being there. I don't want to play around with it further and get back to square one. Also, my internet is running incredibly slowly, slower than when System Fix was active, and is stuck with the Babylon search engine as default.

I have looked at other threads first but see it's more of an individually tailored solution, so I tried to get an OTL.exe log, but when I try to run the program I get 'this is not a valid win32 application'.

My DDS log is:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.6001.19154

Run by Keef at 14:24:44 on 2011-12-06

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.4094.2438 [GMT 0:00]

.

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\vVX3000.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Windows\SOUNDMAN.EXE

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Users\Keef\Program Files (x86)\DNA\btdna.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\System32\mobsync.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Keef\AppData\Local\Temp\{8D903385-D6D6-44FE-B971-A2FE4500AA09}\GoogleUpdate.exe

C:\Users\Keef\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Users\Keef\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyServer = 93.189.5.138:8080

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MI1933~1\Office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MI1933~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [bitTorrent DNA] "C:\Users\Keef\Program Files (x86)\DNA\btdna.exe"

uRun: [Google Update] "C:\Users\Keef\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun

uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [EPSON SX510W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SFB37.tmp" /EF "HKCU"

uRun: [Epson Stylus SX510W(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S56D1.tmp" /EF "HKCU"

uRun: [GBWXufOsmTrrX.exe] C:\ProgramData\GBWXufOsmTrrX.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [supertintin_msn] "C:\Program Files (x86)\Supertintin for Msn\supertintin_msn.exe" /start_context sys_auto

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MI1933~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\TuneCab\YouTubeRipper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Chessmaster%20Challenge/Images/stg_drm.ocx

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Chessmaster%20Challenge/Images/armhelper.ocx

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4240862B-4250-41BA-A433-EC024ACD0E6B} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{580DD45E-E8F3-4B10-9978-DA2D419BD23F} : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MI1933~1\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MI1933~1\Office14\GROOVEEX.DLL

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MI1933~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [supertintin_msn] "C:\Program Files (x86)\Supertintin for Msn\supertintin_msn.exe" /start_context sys_auto

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MI1933~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe [2011-8-13 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe [2011-8-13 151297]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-5 44768]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-3-14 21504]

R2 MBAMService;MBAMService;C:\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-4 366152]

R2 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2010-7-14 90112]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-5-4 81408]

R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-10-21 301720]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-13 809296]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]

S2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-12-5 127192]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-12 135664]

S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2011-11-14 464384]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-12 135664]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-3-14 19968]

S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys --> C:\Windows\system32\DRIVERS\point64k.sys [?]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\Windows\system32\DRIVERS\s0017bus.sys --> C:\Windows\system32\DRIVERS\s0017bus.sys [?]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s0017mdfl.sys --> C:\Windows\system32\DRIVERS\s0017mdfl.sys [?]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s0017mdm.sys --> C:\Windows\system32\DRIVERS\s0017mdm.sys [?]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s0017mgmt.sys --> C:\Windows\system32\DRIVERS\s0017mgmt.sys [?]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\Windows\system32\DRIVERS\s0017nd5.sys --> C:\Windows\system32\DRIVERS\s0017nd5.sys [?]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s0017obex.sys --> C:\Windows\system32\DRIVERS\s0017obex.sys [?]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\Windows\system32\DRIVERS\s0017unic.sys --> C:\Windows\system32\DRIVERS\s0017unic.sys [?]

S3 SMServer;SMServer;C:\Windows\SysWOW64\snmvtsvc.exe [2011-11-14 244736]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-9-22 155344]

S3 TucbAudio;TucbAudio;C:\Windows\system32\drivers\TucbAudio.sys --> C:\Windows\system32\drivers\TucbAudio.sys [?]

S3 vcd10bus;Virtual CD v10 Bus Enumerator;C:\Windows\system32\DRIVERS\vcd10bus.sys --> C:\Windows\system32\DRIVERS\vcd10bus.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-12-06 12:29:48 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{46B819DD-F696-45D8-B5B2-7E8E2C69A8B3}\offreg.dll

2011-12-06 11:53:44 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{46B819DD-F696-45D8-B5B2-7E8E2C69A8B3}\mpengine.dll

2011-12-05 16:59:45 16200 ----a-w- C:\Windows\stinger.sys

2011-12-05 16:59:17 -------- d-----w- C:\Program Files (x86)\stinger

2011-12-05 16:50:22 140120 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2011-12-05 16:49:34 258392 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2011-12-05 16:49:33 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-12-05 16:49:32 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-12-05 16:47:15 12368 ----a-w- C:\Windows\System32\drivers\aswNdis.sys

2011-12-05 16:46:34 41184 ----a-w- C:\Windows\avastSS.scr

2011-12-05 16:45:57 -------- d-----w- C:\ProgramData\AVAST Software

2011-12-05 16:45:57 -------- d-----w- C:\Program Files\AVAST Software

2011-12-04 22:55:44 -------- d-----w- C:\TDSSKiller_Quarantine

2011-12-04 21:07:36 -------- d-----w- C:\Users\Keef\AppData\Roaming\Malwarebytes

2011-12-04 21:07:19 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-04 21:07:16 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-04 21:07:16 -------- d-----w- C:\Malwarebytes' Anti-Malware

2011-12-03 18:41:19 -------- d-----w- C:\Program Files (x86)\NCH Software

2011-12-03 18:41:12 -------- d-----w- C:\Users\Keef\AppData\Local\Babylon

2011-12-03 18:41:11 -------- d-----w- C:\ProgramData\Babylon

2011-12-03 18:41:10 -------- d-----w- C:\Users\Keef\AppData\Roaming\Babylon

2011-11-23 18:17:11 77824 ----a-w- C:\Windows\SysWow64\EBAPI.dll

2011-11-23 18:17:11 65536 ----a-w- C:\Windows\SysWow64\EEBUtil.dll

2011-11-23 18:17:11 55808 ----a-w- C:\Windows\SysWow64\EEBSDKIF.dll

2011-11-23 18:17:11 135168 ----a-w- C:\Windows\SysWow64\EEBAPI.dll

2011-11-23 18:17:11 110592 ----a-w- C:\Windows\SysWow64\EEBDSCVR.dll

2011-11-23 15:00:28 558080 ----a-w- C:\Windows\System32\ensppmon.dll

2011-11-23 15:00:28 558080 ----a-w- C:\Windows\System32\enppmon.dll

2011-11-23 15:00:28 537600 ----a-w- C:\Windows\System32\ensppui.dll

2011-11-23 15:00:28 537600 ----a-w- C:\Windows\System32\enppui.dll

2011-11-23 15:00:28 250880 ----a-w- C:\Windows\System32\enspres.dll

2011-11-23 15:00:28 250880 ----a-w- C:\Windows\System32\enpres.dll

2011-11-23 15:00:28 -------- d-----w- C:\Program Files\EpsonNet

2011-11-23 15:00:14 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON

2011-11-23 14:59:29 -------- d-----w- C:\Program Files (x86)\EpsonNet

2011-11-23 14:55:22 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll

2011-11-23 14:55:22 71840 ----a-w- C:\Windows\SysWow64\EPPicMgr.dll

2011-11-23 14:55:22 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll

2011-11-23 14:55:22 120992 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll

2011-11-23 14:55:22 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll

2011-11-23 14:53:07 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL

2011-11-23 14:53:05 118784 ----a-w- C:\Windows\System32\E_ILMFIE.DLL

2011-11-23 14:53:04 81920 ----a-w- C:\Windows\System32\E_IBCBFIE.DLL

2011-11-23 14:52:31 -------- d-----w- C:\ProgramData\EPSON

2011-11-23 14:50:19 459776 ----a-w- C:\Windows\System32\esxwiaud.dll

2011-11-23 14:50:19 17408 ----a-w- C:\Windows\System32\esxcdev.dll

2011-11-23 14:50:19 128392 ----a-w- C:\Windows\System32\esdevapp.exe

2011-11-23 14:50:16 -------- d-----w- C:\Program Files (x86)\epson

2011-11-18 17:38:40 -------- d-----w- C:\Windows\xxclone.arc

2011-11-18 17:38:12 -------- d-----w- C:\Program Files\XXCLONE

2011-11-14 21:55:13 -------- d-----w- C:\Users\Keef\AppData\Roaming\AnvSoft

2011-11-14 21:55:00 -------- d-----w- C:\Users\Keef\AppData\Local\OpenCandy

2011-11-14 21:54:55 -------- d-----w- C:\Users\Keef\AppData\Roaming\OpenCandy

2011-11-14 21:54:55 -------- d-----w- C:\Program Files (x86)\AnvSoft

2011-11-14 21:32:57 -------- d-----w- C:\Converted

2011-11-14 21:29:51 464384 ----a-w- C:\Windows\SysWow64\GSService.exe

2011-11-14 21:29:51 244736 ----a-w- C:\Windows\SysWow64\snmvtsvc.exe

2011-11-14 21:29:50 34040 ----a-w- C:\Windows\System32\TucbAudio.sys

2011-11-14 21:29:50 34040 ----a-w- C:\Windows\System32\drivers\TucbAudio.sys

2011-11-14 21:29:49 -------- d-----w- C:\Program Files (x86)\TuneCab

2011-11-09 21:00:40 1426304 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 21:00:35 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2011-11-09 21:00:35 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

2011-11-09 21:00:18 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 21:00:18 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 21:00:18 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll

.

==================== Find3M ====================

.

2011-10-21 00:24:22 13464 ----a-w- C:\Windows\System32\drivers\PSVolAcc.sys

2011-10-21 00:24:14 43672 ----a-w- C:\Windows\System32\drivers\psmounter.sys

2011-10-03 05:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-30 23:25:35 1147904 ----a-w- C:\Windows\System32\wininet.dll

2011-09-30 23:21:20 56832 ----a-w- C:\Windows\System32\licmgr10.dll

2011-09-30 23:21:00 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-09-30 23:20:40 132096 ----a-w- C:\Windows\System32\iesysprep.dll

2011-09-30 23:20:39 77312 ----a-w- C:\Windows\System32\iesetup.dll

2011-09-30 23:06:24 916480 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-09-30 23:02:06 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-09-30 23:01:51 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-09-30 23:01:34 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll

2011-09-30 23:01:34 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2011-09-30 22:29:23 479232 ----a-w- C:\Windows\System32\html.iec

2011-09-30 22:07:25 385024 ----a-w- C:\Windows\SysWow64\html.iec

2011-09-30 21:48:19 162816 ----a-w- C:\Windows\System32\ieUnatt.exe

2011-09-30 21:47:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-09-30 21:29:54 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2011-09-30 21:28:36 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 14:25:32.28 ===============

Any help would be much appreciated.

Many Thanks

DDS.txt

Attach.txt

Welcome to the forum.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

Two reports will open; copy and paste them in a reply here (or attach them as .txt files):

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Hi,

Thanks for the reply, as requested (OTL.com worked):

OTL logfile created on: 06/12/2011 22:28:38 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Keef\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19154)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.46% Memory free

8.20 Gb Paging File | 6.00 Gb Available in Paging File | 73.13% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 186.31 Gb Total Space | 13.17 Gb Free Space | 7.07% Space Free | Partition Type: NTFS

Drive E: | 684.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 698.63 Gb Total Space | 657.16 Gb Free Space | 94.06% Space Free | Partition Type: NTFS

Computer Name: KEEF-PC | User Name: Keef | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 22:20:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Keef\Desktop\OTL.com

PRC - [2011/11/28 18:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/11/28 18:01:23 | 000,127,192 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe

PRC - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/05/04 13:14:38 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2011/04/15 18:56:36 | 001,038,336 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe

PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010/06/09 11:39:46 | 001,470,872 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

PRC - [2010/06/09 11:39:46 | 000,571,288 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

PRC - [2010/04/25 20:13:51 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2009/11/14 11:13:35 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Keef\Program Files (x86)\DNA\btdna.exe

PRC - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2008/10/15 13:31:53 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe

PRC - [2008/10/15 13:30:02 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe

PRC - [2008/09/10 13:17:40 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE

PRC - [2008/08/04 16:21:12 | 000,721,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe

PRC - [2008/07/07 09:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/06/12 13:28:45 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe

PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

========== Modules (No Company Name) ==========

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2011/02/10 03:14:58 | 004,106,296 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\sfzone\pdf.dll

MOD - [2010/11/16 10:07:44 | 001,316,878 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\sfzone\avcodec-52.dll

MOD - [2010/11/16 10:07:44 | 000,195,598 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\sfzone\avformat-52.dll

MOD - [2010/11/16 10:07:44 | 000,098,830 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\sfzone\avutil-50.dll

MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/05/12 16:34:54 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll

MOD - [2010/05/12 16:34:02 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll

MOD - [2010/05/12 16:33:56 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll

MOD - [2010/05/12 16:33:54 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll

MOD - [2010/05/12 15:52:54 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 18:01:23 | 000,127,192 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV:64bit: - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/10/21 00:24:06 | 000,301,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)

SRV:64bit: - [2008/01/19 08:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2008/01/19 08:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011/11/14 09:00:16 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/11/12 03:03:14 | 000,244,736 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\Windows\SysWOW64\snmvtsvc.exe -- (SMServer)

SRV - [2011/11/12 02:14:28 | 000,464,384 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\GSService.exe -- (GSService)

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)

SRV - [2011/05/04 13:14:38 | 000,081,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/06/09 11:39:46 | 000,571,288 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)

SRV - [2010/04/25 20:13:51 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

SRV - [2009/03/30 04:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/10/15 13:31:53 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)

SRV - [2008/10/15 13:30:02 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)

SRV - [2008/07/07 09:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 17:54:44 | 000,140,120 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)

DRV:64bit: - [2011/11/28 17:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2011/11/28 17:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2011/11/28 17:53:28 | 000,258,392 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)

DRV:64bit: - [2011/11/28 17:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)

DRV:64bit: - [2011/11/28 17:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2011/11/28 17:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2011/11/28 17:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2011/11/28 17:26:19 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)

DRV:64bit: - [2011/11/13 04:49:42 | 000,034,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TucbAudio.sys -- (TucbAudio)

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010/11/11 23:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2010/06/25 15:08:56 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2009/10/01 00:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/06/09 23:46:06 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009/06/01 13:50:52 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)

DRV:64bit: - [2009/06/01 13:50:52 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)

DRV:64bit: - [2008/10/21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)

DRV:64bit: - [2008/10/21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017obex.sys -- (s0017obex)

DRV:64bit: - [2008/10/21 08:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)

DRV:64bit: - [2008/10/21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdm.sys -- (s0017mdm)

DRV:64bit: - [2008/10/21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)

DRV:64bit: - [2008/10/21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdfl.sys -- (s0017mdfl)

DRV:64bit: - [2008/10/21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)

DRV:64bit: - [2008/09/16 08:43:08 | 003,479,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVAC64.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV:64bit: - [2008/08/04 16:21:12 | 002,065,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VX3000.sys -- (VX3000)

DRV:64bit: - [2008/06/17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vcd10bus.sys -- (vcd10bus)

DRV:64bit: - [2008/05/20 15:29:41 | 000,060,200 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2007/01/26 10:15:48 | 000,891,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ath2425x.sys -- (athr)

DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus)

DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 93.189.5.138:8080

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Keef\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Keef\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Keef\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Keef\Program Files (x86)\DNA [2011/12/06 16:24:01 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)

CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&AF=100490&babsrc=SP_ss&mntrId=3090a68a000000000000001731610064

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Keef\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MI1933~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MI1933~1\Office14\NPSPWRAP.DLL

CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Keef\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Keef\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll

CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: avast! WebRep = C:\Users\Keef\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367_0\

O1 HOSTS File: ([2011/12/04 20:21:50 | 000,249,908 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 8711 more lines...

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [soundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [supertintin_msn] C:\Program Files (x86)\Supertintin for Msn\supertintin_msn.exe (Imtiger Software Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)

O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [bitTorrent DNA] C:\Users\Keef\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [Epson Stylus SX510W(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S56D1.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [EPSON SX510W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SFB37.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [GBWXufOsmTrrX.exe] C:\ProgramData\GBWXufOsmTrrX.exe File not found

O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)

O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\TuneCab\YouTubeRipper.dll ()

O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\TuneCab\YouTubeRipper.dll ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4240862B-4250-41BA-A433-EC024ACD0E6B}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{580DD45E-E8F3-4B10-9978-DA2D419BD23F}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Keef\Pictures\Phone pics\DSC00838.JPG

O24 - Desktop BackupWallPaper: C:\Users\Keef\Pictures\Phone pics\DSC00838.JPG

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/05/08 12:33:04 | 000,000,036 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{956c03f9-e547-11e0-a1af-001731610064}\Shell - "" = AutoRun

O33 - MountPoints2\{956c03f9-e547-11e0-a1af-001731610064}\Shell\AutoRun\command - "" = F:\Startme.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/06 22:20:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Keef\Desktop\OTL.com

[2011/12/06 14:16:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Keef\Desktop\dds.scr

[2011/12/06 13:42:30 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2011/12/06 13:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2011/12/05 16:59:45 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys

[2011/12/05 16:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger

[2011/12/05 16:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security

[2011/12/05 16:50:29 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2011/12/05 16:50:29 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2011/12/05 16:50:22 | 000,140,120 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys

[2011/12/05 16:49:34 | 000,258,392 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys

[2011/12/05 16:49:34 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2011/12/05 16:49:34 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2011/12/05 16:49:33 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2011/12/05 16:49:32 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2011/12/05 16:48:34 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/12/05 16:47:15 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys

[2011/12/05 16:46:34 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/12/05 16:46:33 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2011/12/05 16:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2011/12/05 16:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2011/12/05 12:04:44 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Keef\Desktop\iexplore (2).exe

[2011/12/04 23:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2011/12/04 22:55:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2011/12/04 22:54:59 | 000,000,000 | ---D | C] -- C:\Users\Keef\Desktop\tdsskiller

[2011/12/04 21:07:36 | 000,000,000 | ---D | C] -- C:\Users\Keef\AppData\Roaming\Malwarebytes

[2011/12/04 21:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/04 21:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/12/04 21:07:16 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/12/04 21:07:16 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware

[2011/12/04 21:06:30 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Keef\Desktop\mbam-setup-1.51.2.1300.exe

[2011/12/04 20:46:36 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Keef\Desktop\setup-spybotsd162.exe

[2011/12/04 18:34:08 | 000,000,000 | ---D | C] -- C:\Users\Keef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

[2011/12/03 19:54:44 | 000,000,000 | ---D | C] -- C:\Users\Keef\Documents\VideoPad Projects

[2011/12/03 18:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software

[2011/12/03 18:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs

[2011/12/03 18:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software

[2011/12/03 18:41:12 | 000,000,000 | ---D | C] -- C:\Users\Keef\AppData\Local\Babylon

[2011/12/03 18:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2011/12/03 18:41:10 | 000,000,000 | ---D | C] -- C:\Users\Keef\AppData\Roaming\Babylon

[2011/12/03 18:40:10 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Users\Keef\Documents\cnet2_vpsetup_exe.exe

[2011/11/26 12:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011/11/23 15:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet

[2011/11/23 15:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON

[2011/11/23 14:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet

[2011/11/23 14:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON

[2011/11/23 14:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

[2011/11/23 14:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson

[2011/11/18 17:38:40 | 000,000,000 | ---D | C] -- C:\Windows\xxclone.arc

[2011/11/18 17:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XXCLONE

[2011/11/18 17:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\XXCLONE

[2011/11/14 21:55:19 | 000,000,000 | ---D | C] -- C:\Users\Keef\Documents\Any Video Converter

[2011/11/14 21:55:13 | 000,000,000 | ---D | C] -- C:\Users\Keef\AppData\Roaming\AnvSoft

[2011/11/14 21:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft

[2011/11/14 21:55:00 | 000,000,000 | ---D | C] -- C:\Users\Keef\AppData\Local\OpenCandy

[2011/11/14 21:54:55 | 000,000,000 | ---D | C] -- C:\Users\Keef\AppData\Roaming\OpenCandy

[2011/11/14 21:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft

[2011/11/14 21:47:23 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Users\Keef\Documents\cnet2_avc-free_exe.exe

[2011/11/14 21:32:57 | 000,000,000 | ---D | C] -- C:\Converted

[2011/11/14 21:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneCab

[2011/11/14 21:29:51 | 000,244,736 | ---- | C] (SMServer) -- C:\Windows\SysWow64\snmvtsvc.exe

[2011/11/14 21:29:50 | 000,034,040 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\TucbAudio.sys

[2011/11/14 21:29:50 | 000,034,040 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\TucbAudio.sys

[2011/11/14 21:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneCab

[2011/11/11 18:57:52 | 000,000,000 | ---D | C] -- C:\Users\Keef\Documents\SEGA Mega Drive Classics

[2010/07/14 11:31:55 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeA163.dll

[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Keef\*.tmp files -> C:\Users\Keef\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/06 22:21:58 | 000,004,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/06 22:21:58 | 000,004,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/06 22:20:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Keef\Desktop\OTL.com

[2011/12/06 22:19:26 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3869292037-1503811952-3368985556-1000UA.job

[2011/12/06 22:08:27 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/06 16:23:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/06 16:21:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/06 16:20:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/12/06 16:19:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3869292037-1503811952-3368985556-1000Core.job

[2011/12/06 14:22:31 | 000,127,339 | ---- | M] () -- C:\Users\Keef\Desktop\OTL.exe

[2011/12/06 14:19:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Keef\Desktop\dds.scr

[2011/12/06 13:39:34 | 000,002,032 | ---- | M] () -- C:\Users\Keef\AppData\Local\d3d9caps.dat

[2011/12/06 12:12:20 | 000,684,297 | ---- | M] () -- C:\Users\Keef\Desktop\unhide.exe

[2011/12/06 12:10:57 | 000,329,279 | ---- | M] () -- C:\Users\Keef\Desktop\vista-64-sm-reset2.exe

[2011/12/06 11:47:21 | 000,329,279 | ---- | M] () -- C:\Users\Keef\Desktop\vista-64-sm-reset.exe

[2011/12/05 19:48:00 | 000,012,310 | ---- | M] () -- C:\Users\Keef\Desktop\Windows_Vista_x64_Recovery_Disc.torrent

[2011/12/05 17:01:00 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys

[2011/12/05 16:50:30 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2011/12/05 16:49:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2011/12/05 12:04:45 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Keef\Desktop\iexplore (2).exe

[2011/12/04 23:11:21 | 000,001,089 | ---- | M] () -- C:\Users\Keef\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2011/12/04 23:11:21 | 000,001,065 | ---- | M] () -- C:\Users\Keef\Desktop\Spybot - Search & Destroy.lnk

[2011/12/04 22:54:49 | 001,547,774 | ---- | M] () -- C:\Users\Keef\Desktop\tdsskiller.zip

[2011/12/04 21:06:39 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Keef\Desktop\mbam-setup-1.51.2.1300.exe

[2011/12/04 20:49:48 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Keef\Desktop\setup-spybotsd162.exe

[2011/12/04 20:31:09 | 000,002,188 | ---- | M] () -- C:\Users\Keef\AppData\Local\d3d9caps64.dat

[2011/12/04 20:21:50 | 000,249,908 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/12/04 19:40:43 | 000,000,633 | ---- | M] () -- C:\Users\Keef\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/12/04 18:34:09 | 000,000,609 | ---- | M] () -- C:\Users\Keef\Desktop\System Fix.lnk

[2011/12/03 19:25:11 | 000,162,304 | ---- | M] () -- C:\Users\Keef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/03 18:42:20 | 000,001,491 | ---- | M] () -- C:\user.js

[2011/12/03 18:40:36 | 000,463,080 | ---- | M] (CNET Download.com) -- C:\Users\Keef\Documents\cnet2_vpsetup_exe.exe

[2011/11/28 18:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/11/28 18:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2011/11/28 18:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/11/28 17:54:44 | 000,140,120 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys

[2011/11/28 17:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2011/11/28 17:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2011/11/28 17:53:28 | 000,258,392 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys

[2011/11/28 17:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2011/11/28 17:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2011/11/28 17:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2011/11/28 17:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2011/11/28 17:26:19 | 000,012,368 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys

[2011/11/23 21:12:41 | 000,085,752 | ---- | M] () -- C:\Users\Keef\Desktop\Referencing_Leaflet_2010.pdf

[2011/11/23 18:36:24 | 000,807,312 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/11/23 18:36:24 | 000,680,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/11/23 18:36:24 | 000,137,490 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/11/23 14:52:03 | 000,070,889 | ---- | M] () -- C:\Users\Keef\Desktop\submissionCover[1].pdf

[2011/11/18 17:48:47 | 000,016,333 | ---- | M] () -- C:\XXCLONE.HYP

[2011/11/18 17:48:46 | 000,000,736 | ---- | M] () -- C:\Windows\xxclone.ini

[2011/11/18 17:37:05 | 001,707,654 | ---- | M] () -- C:\Users\Keef\Documents\xxclone.zip

[2011/11/15 20:59:22 | 000,004,715 | ---- | M] () -- C:\Users\Keef\.recently-used.xbel

[2011/11/14 21:55:06 | 000,001,031 | ---- | M] () -- C:\Users\Keef\Desktop\Any Video Converter.lnk

[2011/11/14 21:50:06 | 000,463,080 | ---- | M] (CNET Download.com) -- C:\Users\Keef\Documents\cnet2_avc-free_exe.exe

[2011/11/13 04:49:42 | 000,034,040 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\TucbAudio.sys

[2011/11/13 04:49:42 | 000,034,040 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\TucbAudio.sys

[2011/11/13 04:49:42 | 000,007,924 | ---- | M] () -- C:\Windows\SysNative\TucbAudio.cat

[2011/11/13 04:49:34 | 000,019,099 | ---- | M] () -- C:\Windows\SysNative\TucbAudio.inf

[2011/11/12 03:03:14 | 000,244,736 | ---- | M] (SMServer) -- C:\Windows\SysWow64\snmvtsvc.exe

[2011/11/12 02:14:28 | 000,464,384 | ---- | M] () -- C:\Windows\SysWow64\GSService.exe

[2011/11/07 13:33:13 | 000,035,508 | ---- | M] () -- C:\Users\Keef\Documents\wheel.gif

[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Keef\*.tmp files -> C:\Users\Keef\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/06 14:22:29 | 000,127,339 | ---- | C] () -- C:\Users\Keef\Desktop\OTL.exe

[2011/12/06 12:11:53 | 000,684,297 | ---- | C] () -- C:\Users\Keef\Desktop\unhide.exe

[2011/12/06 12:10:57 | 000,329,279 | ---- | C] () -- C:\Users\Keef\Desktop\vista-64-sm-reset2.exe

[2011/12/06 11:47:34 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk

[2011/12/06 11:47:16 | 000,329,279 | ---- | C] () -- C:\Users\Keef\Desktop\vista-64-sm-reset.exe

[2011/12/05 19:47:51 | 000,012,310 | ---- | C] () -- C:\Users\Keef\Desktop\Windows_Vista_x64_Recovery_Disc.torrent

[2011/12/05 16:50:30 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk

[2011/12/05 16:49:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2011/12/04 23:11:21 | 000,001,089 | ---- | C] () -- C:\Users\Keef\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2011/12/04 23:11:21 | 000,001,065 | ---- | C] () -- C:\Users\Keef\Desktop\Spybot - Search & Destroy.lnk

[2011/12/04 22:54:44 | 001,547,774 | ---- | C] () -- C:\Users\Keef\Desktop\tdsskiller.zip

[2011/12/04 19:40:43 | 000,000,633 | ---- | C] () -- C:\Users\Keef\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/12/04 18:34:09 | 000,000,609 | ---- | C] () -- C:\Users\Keef\Desktop\System Fix.lnk

[2011/12/03 18:41:30 | 000,001,491 | ---- | C] () -- C:\user.js

[2011/12/03 18:41:22 | 000,000,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk

[2011/11/23 21:12:41 | 000,085,752 | ---- | C] () -- C:\Users\Keef\Desktop\Referencing_Leaflet_2010.pdf

[2011/11/23 14:55:22 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2011/11/23 14:55:22 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2011/11/23 14:55:22 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2011/11/23 14:55:22 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2011/11/23 14:55:22 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2011/11/23 14:55:22 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2011/11/23 14:55:22 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2011/11/23 14:55:22 | 000,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg

[2011/11/23 14:55:22 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2011/11/23 14:55:22 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg

[2011/11/23 14:55:22 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg

[2011/11/23 14:55:22 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg

[2011/11/23 14:55:22 | 000,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg

[2011/11/23 14:55:22 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg

[2011/11/23 14:55:22 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg

[2011/11/23 14:55:22 | 000,006,122 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_DU.cfg

[2011/11/23 14:55:22 | 000,006,103 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg

[2011/11/23 14:55:22 | 000,005,817 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_KO.cfg

[2011/11/23 14:55:22 | 000,005,436 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_SC.cfg

[2011/11/23 14:55:22 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2011/11/23 14:55:22 | 000,002,889 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_RU.cfg

[2011/11/23 14:55:22 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_TC.cfg

[2011/11/23 14:55:22 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat

[2011/11/23 14:55:22 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2011/11/23 14:55:22 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2011/11/23 14:55:22 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2011/11/23 14:55:22 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2011/11/23 14:55:22 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2011/11/23 14:55:22 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat

[2011/11/23 14:55:22 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat

[2011/11/23 14:55:22 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2011/11/23 14:55:22 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2011/11/23 14:52:03 | 000,070,889 | ---- | C] () -- C:\Users\Keef\Desktop\submissionCover[1].pdf

[2011/11/18 17:43:24 | 000,016,333 | ---- | C] () -- C:\XXCLONE.HYP

[2011/11/18 17:36:42 | 001,707,654 | ---- | C] () -- C:\Users\Keef\Documents\xxclone.zip

[2011/11/15 20:59:22 | 000,004,715 | ---- | C] () -- C:\Users\Keef\.recently-used.xbel

[2011/11/14 21:55:06 | 000,001,031 | ---- | C] () -- C:\Users\Keef\Desktop\Any Video Converter.lnk

[2011/11/14 21:29:51 | 000,464,384 | ---- | C] () -- C:\Windows\SysWow64\GSService.exe

[2011/11/14 21:29:50 | 000,019,099 | ---- | C] () -- C:\Windows\SysNative\TucbAudio.inf

[2011/11/14 21:29:50 | 000,007,924 | ---- | C] () -- C:\Windows\SysNative\TucbAudio.cat

[2011/11/07 13:33:13 | 000,035,508 | ---- | C] () -- C:\Users\Keef\Documents\wheel.gif

[2011/06/18 20:35:09 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI

[2011/05/13 11:19:59 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/03/03 01:27:00 | 000,000,736 | ---- | C] () -- C:\Windows\xxclone.ini

[2011/02/06 19:29:06 | 000,386,923 | ---- | C] () -- C:\Windows\KMSAct.exe

[2010/12/24 13:12:33 | 000,000,545 | ---- | C] () -- C:\Windows\VF2K.INI

[2010/09/08 18:14:54 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\imsispd.exe

[2010/09/08 18:14:54 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\imsfchk.dll

[2010/09/08 18:14:54 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\imslevel.dll

[2010/08/25 16:54:53 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/06/15 19:59:15 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\imsispd.dll

[2010/06/15 19:59:08 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\imsaiff.dll

[2010/06/15 19:59:08 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\DGRip.dll

[2010/06/10 20:00:31 | 000,816,148 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/04/25 20:13:49 | 000,674,600 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2009/11/15 11:10:06 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2009/11/15 11:10:04 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2009/09/24 17:49:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009/09/24 17:48:54 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2009/09/24 17:48:25 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/08/18 14:49:07 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2009/08/18 14:49:07 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2009/08/18 14:49:07 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2009/05/23 09:50:32 | 000,002,032 | ---- | C] () -- C:\Users\Keef\AppData\Local\d3d9caps.dat

[2009/04/19 08:10:47 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll

[2009/04/19 08:10:47 | 000,002,145 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini

[2009/03/19 15:55:58 | 000,013,576 | ---- | C] () -- C:\Windows\SysWow64\wnaspi32.dll

[2009/03/15 21:42:12 | 000,014,976 | ---- | C] () -- C:\Windows\SysWow64\drivers\SBKUPNT.SYS

[2009/03/15 21:42:12 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\DEVLOAD.EXE

[2009/03/15 21:42:06 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI

[2009/03/14 19:43:47 | 000,162,304 | ---- | C] () -- C:\Users\Keef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/14 19:13:07 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2009/03/14 18:38:58 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2009/03/14 15:08:32 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2009/03/14 00:58:58 | 000,002,188 | ---- | C] () -- C:\Users\Keef\AppData\Local\d3d9caps64.dat

[2008/09/10 13:17:24 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll

[2008/09/10 12:46:10 | 000,044,064 | ---- | C] () -- C:\Windows\CPLUtl64.exe

[2008/08/04 16:21:12 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini

[2006/11/02 15:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 12:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006/11/02 12:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006/11/02 12:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006/11/02 09:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[1997/06/14 00:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== LOP Check ==========

[2010/12/23 16:47:01 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\AbsolutePoker

[2011/11/14 21:55:13 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\AnvSoft

[2011/12/03 18:41:10 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\Babylon

[2010/05/01 17:01:35 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\Bioshock

[2011/12/05 21:01:33 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\BitTorrent

[2010/08/20 23:51:52 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\Braid

[2009/12/24 18:39:48 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\Chessmaster Challenge

[2009/05/09 13:04:31 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\DAEMON Tools Lite

[2011/12/06 22:35:06 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\DNA

[2009/04/25 12:37:04 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\FileZilla

[2010/03/21 21:24:44 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\GetRightToGo

[2011/11/15 20:58:35 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\gtk-2.0

[2010/02/14 00:32:47 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\Mount&Blade

[2011/05/29 17:56:49 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\Mount&Blade Warband

[2010/09/07 23:20:51 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\Music Recognition

[2009/09/19 21:59:28 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\NationRed

[2010/12/24 01:26:24 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\NCH Swift Sound

[2011/11/14 21:54:55 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\OpenCandy

[2011/09/23 14:35:18 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\Outlook

[2009/05/20 09:06:24 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\proDAD

[2009/12/27 12:30:46 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\runic games

[2011/02/14 19:13:59 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\SoftGrid Client

[2009/12/23 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\SpinTop

[2009/06/21 15:52:19 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\The Creative Assembly

[2010/11/08 13:43:04 | 000,000,000 | ---D | M] -- C:\Users\Keef\AppData\Roaming\TP

[2011/12/06 16:20:26 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011/06/19 11:02:08 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{645F199B-F6D1-4B88-8FDF-74E66E21B89A}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Keef\Documents\MOV_0001.mp4:TOC.WMV

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D158BAF9

< End of report >


OTL Extras logfile created on: 06/12/2011 22:28:38 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Keef\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19154)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.46% Memory free

8.20 Gb Paging File | 6.00 Gb Available in Paging File | 73.13% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 186.31 Gb Total Space | 13.17 Gb Free Space | 7.07% Space Free | Partition Type: NTFS

Drive E: | 684.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 698.63 Gb Total Space | 657.16 Gb Free Space | 94.06% Space Free | Partition Type: NTFS

Computer Name: KEEF-PC | User Name: Keef | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = E0 E4 1E 2E D3 A4 C9 01 [binary data]

"VistaSp2" = 53 33 6E 91 7E BA CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{115EF3A2-01D6-4547-B773-1E3AE35DE7F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{20DAD2C2-CDAA-4946-8C3A-AD00E94AD2AD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{35C07564-4A01-45E9-A6D0-28E090847245}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6B275664-CDAC-4016-8C88-2B187019DAC1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{819C8CCE-8D5D-4C7A-AA2A-A88413E50B02}" = lport=2869 | protocol=6 | dir=in | app=system |

"{91D544C5-1CAD-4701-BC8A-199B25C35AF5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{D32A3551-0B68-47CF-A51A-C8C55269188B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D8FE3C6C-7492-4ADD-A30A-807C3D979121}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{EB2903B6-1B35-4AC5-BDA9-6BC0FAC7B4B4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{ECB8D574-494F-4C64-A336-15B9FE175436}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F43C94C2-7677-4C7F-888E-2AD2B45B8CDE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0770D2A3-D2AE-48B6-B101-BFB7603E74C4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six 3 gold\system\ravenshield.exe |

"{0B1239C9-001D-4D51-B7A1-D9F166800E49}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |

"{0B44B098-2E89-47CA-9FBE-D319315E23FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |

"{0D2A5CB2-E2FE-4BA0-8AAB-71F5A38502E5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{1141B0C9-9961-4BC7-A46B-EC249CBF5FFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |

"{18F5958B-C668-4788-AB85-36932726D954}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe |

"{1A96B54D-BAFE-47BA-8942-20889C727AAF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |

"{1B40D3EF-63CA-42EB-A794-A1832A99ACA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle deluxe\peggle.exe |

"{1F67C370-F909-4549-B216-BAA6E0F11F9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |

"{2215F8F2-D4F7-4EC9-AAB0-844B3F491E3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{25719D2A-D1D4-4C71-B5F3-C8AD2CB613E6}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool09\eneasyapp.exe |

"{27B3A9DE-5272-4DAD-96D4-A0814BD70B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\help.htm |

"{28297383-B4F7-4B66-ADAE-01BC86C14A54}" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |

"{2B204EF7-76C8-4BA5-8182-401F91FA95F9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{2C6CBF06-9E2F-4F19-A450-DE5560B083F0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{314A3DCF-626D-42B8-97A7-688C34889AB6}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{323AE5F0-8C51-493A-8241-E43FE4C637B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |

"{33322680-2E96-4C40-AD20-30D6D2399499}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\multigamer051112\garrysmod\hl2.exe |

"{347F5144-A623-4456-A38D-DB9BA45EF9C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe |

"{350810FE-2964-4760-A269-69F1924092DF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{39390020-8522-43B8-B90B-C364AADEA599}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |

"{3AD02861-B04A-454D-B0D6-9B11229B5FB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\arsenewenger\counter-strike source\hl2.exe |

"{3AF5BA9E-E99B-4BA6-A55D-39945D90B7D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2 demo\bin\supreme commander 2 demo.exe |

"{3CD4B5CB-B5CD-4FA2-97CD-68E4BAC377CF}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |

"{3E0DAD64-8EC8-4C23-9095-2D34590C09EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final doom\tnt.bat |

"{3F691729-0571-45BC-A603-1F6B8547BF65}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final doom\plutonia + mouse.bat |

"{3FA044BE-3816-4ACF-9820-387CB741F0FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |

"{403E7836-9198-4A06-9799-25F4270109D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |

"{453B5A81-75D0-4D8F-811C-8EA8FF85198A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island trailer\smp.exe |

"{47B4FB93-A99B-4BD8-BFE0-84614EA14F1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |

"{48133E66-D47B-456D-AFBC-FFA0B50280E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\tqit.exe |

"{49C1B0EF-D935-4085-99EA-72233BBBEBF9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |

"{49D1EDF0-2AF7-4575-B701-FFEA5B3A2CED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |

"{4D577151-A92D-4F75-A2DB-2F76AB3D9A5A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos demo\osmosdemo.exe |

"{54319585-7DF5-4EE1-8177-B931042833DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\heretic shadow of the serpent riders\heretic.bat |

"{55C27400-BD69-42DF-9E5F-CDB09BCF660B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{56F581D4-C912-4F86-B8EA-E2C77A26E68B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |

"{58545B53-B4C5-44D6-A61A-00CCF11AE65A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final doom\tnt.bat |

"{58831F3D-BF5B-4FEE-9B79-8C1AC474B1F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final doom\plutonia.bat |

"{5A673714-8339-4B88-8658-0270698B1A0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sega classics\segagenesisclassics.exe |

"{5A6CCC36-6C36-4E8A-AEEF-0DDEBE9BAAFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |

"{5A88680D-8B81-4263-9430-217606A7574C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout 3\falloutlauncher.exe |

"{5D8A0BDE-3D52-42B5-BDA0-68BD39E1630E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |

"{5EE18FEE-546A-48B8-89FD-AFF2F72DCABB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |

"{5F4B169E-55B9-419B-9E65-32D6D56F28B3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle extreme\peggleextreme.exe |

"{61B9A397-B4FB-46C2-AE03-65A166081540}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |

"{659B17EE-05F3-40EF-A1EC-8D9C7D2C0359}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |

"{66CB1D31-8D64-4FB9-8BC5-D91822D03C35}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |

"{6C6A21CE-D309-4B52-BA66-ECE4F461D2D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal gold\system\unreal.exe |

"{6DFE0659-D026-48B7-B2C8-3381FD235F24}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{6F7AC3DA-8D60-4AC5-B696-0372C7BFD6C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 2\gta2.exe |

"{70726FA5-93C9-49D0-BE10-D29D51C38EE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{72BC24A0-5353-4CA0-884B-9FA7ACCAC588}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chessmaster\chess.exe |

"{74768677-8B6E-46B3-B413-7B08A1661AB5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |

"{75647ACF-FDEB-4928-9E5F-1154A27F33CA}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{7658B9AF-303D-4FB1-B69A-A1FC16DA7ED3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |

"{76696155-5310-4FD4-9686-2CB3DA9B7DB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six 3 gold\system\ravenshield.exe |

"{76F25F0F-F03D-4CB2-AE33-20C81B9E1349}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe |

"{7793FBD0-B37A-4EE2-857E-DE1907183E4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |

"{78231751-6CF8-4328-8379-F8F5981FC27F}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |

"{796CF2A8-0366-4586-9BC6-5A1BC2108330}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe |

"{883F9F13-248B-4379-9A84-7AE5B4B83F35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe |

"{88C097C6-471D-440C-A7CD-1DC55BDF7BBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 2004\system\ut2004.exe |

"{8A34461E-CAF9-475D-B7CB-3A8D837227DF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{8C293076-D3A6-444F-81E0-10FAEC9CC8FC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{8E68768A-5E01-40FC-8EA1-1F194DC82E6B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\testapp4.bat |

"{8F35820F-019E-403B-B8D7-D479DCEA1E00}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wolfenstein 3d\wolf3d.bat |

"{941B8F18-051B-4F3D-8E8B-1D56BEF902A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |

"{94443A87-6285-46F5-A527-E4C2AF9C9C66}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{96F1F961-A98D-4C92-8B91-34C9299D2E5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final doom\tnt + mouse.bat |

"{9AAFC08E-CACB-4614-A34D-175010FE9A13}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2 demo\bin\supreme commander 2 demo.exe |

"{9C3E1EB6-ED4D-446A-836A-BE9A31528F77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final doom\plutonia + mouse.bat |

"{9EDE373E-D4FF-437F-AE96-BAAFBC5D2D5A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\heretic shadow of the serpent riders\heretic.bat |

"{A1555895-B0AD-4C9D-B7F5-5005DFD2CB0C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{A330575C-5A2F-4AB2-A56C-DA335F5BFFEB}" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |

"{A865B71A-DE15-41FD-83E1-A5F9290813B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |

"{AACD8768-D891-4E58-812D-14F6BDE40015}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\testapp3.bat |

"{AB2FB64A-19CD-40E2-AFDB-F2BB5E7F45D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\titan quest immortal throne\help.htm |

"{B23B8C59-51BC-4D3A-8FA1-BFB8A6F82FD2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |

"{B792C21B-2802-4AC2-AE38-823E4778041E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dino d-day\srcds.exe |

"{B9E472D6-8747-431D-A19D-4EF512C4D7EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sega classics\segagenesisclassics.exe |

"{BA32479E-A0A4-4D2A-BCDC-372C1C45F877}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens versus predator classic\avp_classic.exe |

"{BC7C78F0-578E-4A16-801C-174EE918F8F6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{BC98C35E-B865-409B-8F29-E7244CE03BA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wolfenstein 3d\wolf3d.bat |

"{BF210C45-1BDB-49FE-B504-94C251CBDA40}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{C380B379-1F57-4196-91E6-FA24C7F333D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |

"{C71459A0-7329-4BCD-93F3-01300E0D8462}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |

"{C79FF847-7409-42C7-953B-1B1A6C999F3D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\arsenewenger\counter-strike source\hl2.exe |

"{C88360A7-61BC-49A4-8A22-EA44908E7F9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\multigamer051112\counter-strike source\hl2.exe |

"{C8C2E285-C353-4A0A-9DCF-7D6DA05EC416}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 2004\system\ut2004.exe |

"{CAB8202F-68C1-4EF7-8A61-0CE3606E2C3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final doom\tnt + mouse.bat |

"{CBAA8520-5C70-469A-A4F4-C44CE6FDD072}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\multigamer051112\garrysmod\hl2.exe |

"{D0894CFC-4EE0-4D22-A1BC-F7880198AFB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens versus predator classic\avp_classic.exe |

"{D0AFC2FD-9F46-450F-B582-7EBCE324D571}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\testapp4.bat |

"{D1F60E3A-0231-4B59-A1A6-CC59D9CA89FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\peggle deluxe\peggle.exe |

"{D754DA45-8A3E-4494-8FAC-5567A02CA382}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{D92A3050-040A-4D25-99B5-8F1A5F3DE510}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\swarm.exe |

"{DC7A267B-E8E5-4C40-A296-250616563BD5}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{DCEAA221-C96C-4829-B09E-57C0750F503E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |

"{DD6D65E1-18EB-42EC-96E3-8C759C5EBEAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\post apocalyptic mayhem\pammaingame.exe |

"{DFD89347-DC9F-4DCC-B41D-C7F0E7866B0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{E0F9C083-AE2A-47F7-8D5E-EE880238D611}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |

"{E4A98D71-3BD2-41E3-B589-A6854C7E8886}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{E5983A72-3CE1-4E72-B34E-A260C8CD5088}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |

"{E6340108-996A-47AC-AA46-194AAC89BB69}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{E7616C98-53ED-4BA5-AC87-91E8A74AF063}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal gold\system\unreal.exe |

"{E8F5FEDC-AAF8-43C5-9DB0-EFE41FA6B137}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos demo\osmosdemo.exe |

"{E9D5944D-A8D2-4183-9F42-F680AD5E7F95}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |

"{EC866858-610D-4CA6-B8B4-D8946D5DEFC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island trailer\smp.exe |

"{ED0E5495-1230-4436-83F6-5164EC6B0439}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dino d-day\srcds.exe |

"{EE7C4E0A-25EC-4499-A78E-49384D569D22}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |

"{EF6E84B5-9246-499F-836D-1AC861367480}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\post apocalyptic mayhem\pammaingame.exe |

"{F14ECAB3-8381-4DB1-9A1F-E63821A6ACAF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{F18B70D7-9BDB-4BE2-A5CD-76BE8EE9779D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 2\gta2.exe |

"{F1DB96E6-D7DA-4446-B972-F786A73305D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{F232BAA5-C3D3-4004-811D-7B7437CED7D8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\multigamer051112\counter-strike source\hl2.exe |

"{F5485198-B74A-44E3-89FA-F8252C9A3E57}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final doom\plutonia.bat |

"{F706E1E5-90F2-4035-8756-4642F9ECF2D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\testapp5.bat |

"{F7981112-7C71-497F-8980-C85E84189BE0}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"{F83DFC01-C9ED-4F15-9D04-98CCBD5BF2E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\testapp5.bat |

"{F84A70BE-BE66-4502-9A6A-EB5F388F5727}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\chessmaster\chess.exe |

"{F909CB33-3D14-4412-997B-7580749A10A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\commander keen\testapp3.bat |

"{F9FAF9D6-7B3F-4B5A-8094-90195636A03C}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |

"TCP Query User{01D08607-A7C4-4FCC-9F6C-322562F8277B}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |

"TCP Query User{0310365A-8390-4320-BB6E-E202F98755C1}C:\program files (x86)\steam\steamapps\multigamer051112\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\multigamer051112\counter-strike source\hl2.exe |

"TCP Query User{0CF9CCCE-DBA0-45D4-AB97-B0050DC67D54}C:\program files (x86)\dna\kknd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\kknd.exe |

"TCP Query User{3825B97B-0487-4217-B8B1-93889341D2CE}C:\users\keef\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\keef\program files (x86)\dna\btdna.exe |

"TCP Query User{43DE0D07-3383-4995-A377-09C8F69C2604}C:\users\keef\appdata\local\temp\kmsact\pack\keygen\keygen.exe" = protocol=6 | dir=in | app=c:\users\keef\appdata\local\temp\kmsact\pack\keygen\keygen.exe |

"TCP Query User{52911AC3-F335-4A40-AF9B-36C79D5343B6}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"TCP Query User{5D88F756-87CB-4F51-8F48-461E7033D7BA}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |

"TCP Query User{68AD10D6-B418-4F39-B2A3-6DC62201C8BF}C:\users\keef\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\keef\program files (x86)\dna\btdna.exe |

"TCP Query User{68B5197E-9015-4B9B-8269-03F60971F905}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{79141BE1-E960-4AE8-9F6C-1E461F6FBC20}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"TCP Query User{82D3F132-5A46-43F2-8A28-02FD273D524B}C:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |

"TCP Query User{8331CA01-C5D5-4FF6-B2B4-F37BCEF33006}C:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |

"TCP Query User{911F1281-903B-4130-B582-69F29C1CC1E7}C:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |

"TCP Query User{9B0FD965-4414-41DC-A8F0-53C71BB2DB34}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"TCP Query User{ADF379DA-8A5F-4ED4-B47B-F57B5D955D87}C:\program files (x86)\steam\steamapps\arsenewenger\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\arsenewenger\day of defeat source\hl2.exe |

"TCP Query User{B3C3DB1F-A111-4BDB-A609-949B61362955}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{B6293742-5B57-4BA4-996E-B9C14B9DAD62}C:\program files (x86)\steam\steamapps\common\rainbow six 3 gold\system\ucc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six 3 gold\system\ucc.exe |

"TCP Query User{B7CEC528-9D6A-4969-91BD-257CCE66D69F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"TCP Query User{BA4C028D-C8B7-4374-80E6-B27ECF4718D0}C:\users\keef\music\kknd_xtreme\kknd.exe" = protocol=6 | dir=in | app=c:\users\keef\music\kknd_xtreme\kknd.exe |

"TCP Query User{BEA9929D-B225-447E-883E-BB3E522ED75D}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"TCP Query User{C7950914-9321-4D59-A46A-02BB3B4DD918}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |

"TCP Query User{DB7B90D1-F964-4CDA-AA04-DC113AB22FCA}C:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe |

"TCP Query User{DCECE920-E0CC-483C-AA9C-A90008059A57}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{DEB76091-86A5-44D5-B3A5-9546035FF027}C:\program files (x86)\steam\steamapps\multigamer051112\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\multigamer051112\team fortress 2\hl2.exe |

"TCP Query User{E289AE3C-E52D-49D7-9E02-F6CE0BBBB57D}C:\program files (x86)\steam\steamapps\common\grid\grid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grid\grid.exe |

"TCP Query User{E68AC3DE-103F-4394-A121-7CC0997FB85B}C:\program files (x86)\steam\steamapps\multigamer051112\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\multigamer051112\half-life 2 deathmatch\hl2.exe |

"TCP Query User{F8C151B4-F97F-4B0E-9CEF-094B0D0C9DB9}C:\program files (x86)\steam\steamapps\multigamer051112\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\multigamer051112\team fortress 2\hl2.exe |

"UDP Query User{08A05F89-66E1-4D19-A46D-CE0DF2368B82}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

"UDP Query User{1F71EC0A-5DED-481F-B9E5-1372E0D1167A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{27D9ECA3-EF03-445D-9613-5DF4F9B5BAEE}C:\program files (x86)\steam\steamapps\multigamer051112\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\multigamer051112\team fortress 2\hl2.exe |

"UDP Query User{2E793BFF-91D3-4FE0-93B0-C0D283078003}C:\program files (x86)\steam\steamapps\multigamer051112\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\multigamer051112\team fortress 2\hl2.exe |

"UDP Query User{4C60F750-C8D9-4B7D-BF7E-E48224F8CE8E}C:\users\keef\appdata\local\temp\kmsact\pack\keygen\keygen.exe" = protocol=17 | dir=in | app=c:\users\keef\appdata\local\temp\kmsact\pack\keygen\keygen.exe |

"UDP Query User{4E8626DF-0931-4C41-BAC2-5060372FC496}C:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms reloaded\wormsreloaded.exe |

"UDP Query User{4F48463F-BDB5-4BC6-8C73-4AC6BB92DFA4}C:\users\keef\music\kknd_xtreme\kknd.exe" = protocol=17 | dir=in | app=c:\users\keef\music\kknd_xtreme\kknd.exe |

"UDP Query User{51BE53F2-DC82-4902-8617-345F0B13F115}C:\program files (x86)\steam\steamapps\common\rainbow six 3 gold\system\ucc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six 3 gold\system\ucc.exe |

"UDP Query User{559A0CF7-1A55-47E0-8853-E00A73C90ACF}C:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |

"UDP Query User{5967E598-AF78-4C3A-B296-652C3AD6DB70}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{722EA697-26AA-4776-B990-62FC816694E9}C:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |

"UDP Query User{7C86EDCB-BE78-47EF-8AD9-907819E3B685}C:\users\keef\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\keef\program files (x86)\dna\btdna.exe |

"UDP Query User{81B77CB6-9D2F-408B-9A42-401804E1C171}C:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row 2\sr2_pc.exe |

"UDP Query User{82D7BE3A-A807-4135-906A-A93AD0151875}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{873D0D16-FF59-41A1-9E0E-657DEFEC863B}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |

"UDP Query User{8764A81D-70FC-45CC-8D86-C0979B197536}C:\users\keef\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\keef\program files (x86)\dna\btdna.exe |

"UDP Query User{90CC86F2-93C8-495D-922B-9F91200041D5}C:\program files (x86)\steam\steamapps\multigamer051112\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\multigamer051112\half-life 2 deathmatch\hl2.exe |

"UDP Query User{9B08F9A5-D0A3-45C4-81E6-062DBB00B235}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"UDP Query User{BBBF7B31-0937-40E4-84B2-6B4A78948003}C:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"UDP Query User{C98A6937-5CF0-4A90-AE1D-A90C87D2F881}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"UDP Query User{D4FF4E80-D4A5-469E-B1E5-C1F3559C75C2}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd |

"UDP Query User{E1F4C0B8-B37F-41E5-A298-687A491110E7}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |

"UDP Query User{E66BA8E9-E2A0-4FA8-A693-D59E4B23AD6A}C:\program files (x86)\steam\steamapps\multigamer051112\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\multigamer051112\counter-strike source\hl2.exe |

"UDP Query User{EA973C2A-54FB-4C3E-9B54-0B2F28F7E815}C:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |

"UDP Query User{F07747F1-42BB-405A-AD41-A0C3240516E0}C:\program files (x86)\dna\kknd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\kknd.exe |

"UDP Query User{F0DAAD63-D1FB-43B6-9A7A-776B66D411FE}C:\program files (x86)\steam\steamapps\arsenewenger\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\arsenewenger\day of defeat source\hl2.exe |

"UDP Query User{F6698C12-061C-4ED6-AAAF-7BBDB88EBCB5}C:\program files (x86)\steam\steamapps\common\grid\grid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grid\grid.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{812F5B09-D0BA-4036-A63E-69238EF22ECA}" = Microsoft Corporation

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{C74A84EC-7C5F-4C36-A4A6-381E516D643B}" = Microsoft IntelliPoint 7.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DE4A8AFC-90BB-4FB5-92E9-09B06ECA3A7E}" = Macrium Reflect Free Edition

"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"EPSON SX510W Series" = EPSON SX510W Series Printer Uninstall

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Drivers" = NVIDIA Drivers

"UltSounds" = Windows Sound Schemes

"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help

"{0985a414-1f4f-45f0-bc1d-c0e893bdb5ac}" =

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{0f4b3e11-80db-41b2-957b-66c6169a526b}" =

"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1C9A45C6-A367-472F-8FC7-45B10D661BF1}" = abit AirPace Wi-Fi

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{25F20946-39A8-4268-9444-61586A2A21FB}" = Caldes V6

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 29

"{2C8B0579-46E6-4088-8E57-44833265798F}" = THE HOUSE OF THE DEAD 2

"{2e18b38e-25f0-4590-a1c6-e1f59db40f56}" =

"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{3d6b874d-5a85-4d44-ba1d-353d0bccfceb}" =

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{63415CB1-3C97-4D9C-980D-336710EB0526}" = Age of Empires III - The Asian Dynasties Trial

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget

"{A12FCE50-9DBB-420B-9B1D-4861180B983F}" = MSN Webcam Recorder 31.0

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game

"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas

"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2

"{D95FBEDA-2FB5-43D3-A34C-B86D542F2E74}" = abit AirPace Wi-Fi

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{f3f883f6-48d9-4296-b5f0-fe2d637450d9}" =

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup

"Abyssmedia Audio CD Burner_is1" = Abyssmedia Audio CD Burner 4.15

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Age of Empires 2.0" = Microsoft Age of Empires II

"AmazingMIDI" = AmazingMIDI

"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus

"Any Video Converter_is1" = Any Video Converter 3.3.0

"Audacity_is1" = Audacity 1.2.6

"avast" = avast! Internet Security

"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor

"Cool MP3 Converter_is1" = Cool MP3 Converter V1.86

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Dungeon Keeper_is1" = Dungeon Keeper

"EPSON Scanner" = EPSON Scan

"Epson Stylus SX510W_TX550W User’s Guide" = Epson Stylus SX510W_TX550W Manual

"ExpressBurn" = Express Burn Disc Burning Software

"Fraps" = Fraps

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7

"Golden" = Golden Records Vinyl to CD Converter

"Guitar Pro 5_is1" = Guitar Pro 5.2

"i Screen Recorder_is1" = i Screen Recorder 8.0.0.2022

"InstallShield_{63415CB1-3C97-4D9C-980D-336710EB0526}" = Age of Empires III - The Asian Dynasties Trial

"intelliScore Polyphonic WAV to MIDI Converter Demo" = intelliScore Polyphonic WAV to MIDI Converter Demo

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"OpenAL" = OpenAL

"PhotoFinder" = PhotoFinder

"PKR" = PKR

"PunkBusterSvc" = PunkBuster Services

"Sonic 3D" = Sonic 3D

"Sonic R" = Sonic R

"Steam App 12180" = Grand Theft Auto 2

"Steam App 1250" = Killing Floor

"Steam App 13250" = Unreal Gold

"Steam App 19830" = Tom Clancy's Rainbow Six 3: Gold Edition

"Steam App 22000" = World of Goo

"Steam App 22300" = Fallout 3

"Steam App 2270" = Wolfenstein 3D

"Steam App 2290" = Final DOOM

"Steam App 2390" = Heretic: Shadow of the Serpent Riders

"Steam App 24920" = Dragon Age: Origins - Character Creator

"Steam App 26800" = Braid

"Steam App 29200" = Osmos Demo

"Steam App 32162" = Zombie Bowl-O-Rama Demo

"Steam App 34270" = SEGA Genesis & Mega Drive Classics

"Steam App 3482" = Peggle Deluxe Demo

"Steam App 3483" = Peggle Extreme

"Steam App 37200" = Chessmaster

"Steam App 3730" = Aliens versus Predator Classic 2000

"Steam App 4000" = Garry's Mod

"Steam App 40800" = Super Meat Boy

"Steam App 41300" = Altitude

"Steam App 41500" = Torchlight

"Steam App 42710" = Call of Duty: Black Ops - Multiplayer

"Steam App 4700" = Medieval II: Total War

"Steam App 4780" = Medieval II: Total War Kingdoms

"Steam App 48700" = Mount & Blade: Warband

"Steam App 550" = Left 4 Dead 2

"Steam App 564" = Left 4 Dead 2 Add-on Support

"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™

"Steam App 590" = Left 4 Dead 2 Demo

"Steam App 63200" = Monday Night Combat

"Steam App 6910" = Deus Ex: Game of the Year Edition

"Steam App 9180" = Commander Keen Complete Pack

"Steam App 91900" = Post Apocalyptic Mayhem

"Supertintin for Msn_is1" = Supertintin 1.1.21.2

"Switch" = Switch Sound File Converter

"SystemRequirementsLab" = System Requirements Lab

"TuneCab_is1" = TuneCab 4.3.0

"Uninstall_is1" = Uninstall 1.0.0.1

"VideoPad" = VideoPad Video Editor

"Virtua Fighter 2" = Virtua Fighter 2

"VLC media player" = VLC media player 0.9.8a

"WAV to MP3 Encoder" = WAV to MP3 Encoder

"WavePad" = WavePad Sound Editor

"WIDI Recognition System Pro 3.3" = WIDI Recognition System Pro 3.3 (remove only)

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinGimp-2.0_is1" = GIMP 2.6.6

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"XXClone" = XXClone ver 1.91.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3869292037-1503811952-3368985556-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Absolute Poker Instant Play" = Absolute Poker Instant Play

"BitTorrent" = BitTorrent

"BitTorrent DNA" = DNA

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 20/02/2011 16:09:41 | Computer Name = Keef-PC | Source = Application Hang | ID = 1002

Description = The program left4dead2.exe version 0.0.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 1508 Start Time: 01cbd137299b2709 Termination Time: 397

Error - 22/02/2011 10:34:54 | Computer Name = Keef-PC | Source = Application Hang | ID = 1002

Description = The program left4dead2.exe version 0.0.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 28c Start Time: 01cbd29c49aaf2f6 Termination Time: 263

Error - 22/02/2011 10:38:04 | Computer Name = Keef-PC | Source = Application Hang | ID = 1002

Description = The program left4dead2.exe version 0.0.0.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: d8c Start Time: 01cbd29de0c3c8d8 Termination Time: 388

Error - 22/02/2011 13:31:49 | Computer Name = Keef-PC | Source = Application Error | ID = 1000

Description = Faulting application NECRO95.EXE, version 0.0.0.0, time stamp 0x325acc81,

faulting module smackw32.dll, version 6.0.6002.18327, time stamp 0x4cb7341c, exception

code 0xc0000135, fault offset 0x0006f51f, process id 0xec4, application start time

0x01cbd2b6617d7739.

Error - 22/02/2011 13:43:57 | Computer Name = Keef-PC | Source = Application Hang | ID = 1002

Description = The program Steam.exe version 1.0.968.628 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: c28 Start Time: 01cbd28e03e2f0b9 Termination Time: 15

Error - 22/02/2011 15:55:38 | Computer Name = Keef-PC | Source = Application Error | ID = 1000

Description = Faulting application Kknd.exe, version 0.0.0.0, time stamp 0x342619eb,

faulting module Kknd.exe, version 0.0.0.0, time stamp 0x342619eb, exception code

0xc0000005, fault offset 0x0004b0fa, process id 0x7c4, application start time 0x01cbd2c7aa31223b.

Error - 22/02/2011 15:55:41 | Computer Name = Keef-PC | Source = Application Error | ID = 1000

Description = Faulting application Kknd.exe, version 0.0.0.0, time stamp 0x342619eb,

faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb7341c, exception

code 0xc0000029, fault offset 0x000674e0, process id 0x7c4, application start time

0x01cbd2c7aa31223b.

Error - 23/02/2011 09:01:14 | Computer Name = Keef-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.19019, time stamp

0x4d0c3d4c, faulting module icucnv36.dll, version 3.6.0.0, time stamp 0x470eff71,

exception code 0xc0000005, fault offset 0x000013df, process id 0xbc8, application

start time 0x01cbd35992c1d982.

Error - 23/02/2011 09:01:16 | Computer Name = Keef-PC | Source = Application Error | ID = 1000

Description = Faulting application Kknd.exe, version 0.0.0.0, time stamp 0x342619eb,

faulting module Kknd.exe, version 0.0.0.0, time stamp 0x342619eb, exception code

0xc0000005, fault offset 0x0004b0fa, process id 0x570, application start time 0x01cbd355ad314d47.

Error - 23/02/2011 09:01:18 | Computer Name = Keef-PC | Source = Application Error | ID = 1000

Description = Faulting application Kknd.exe, version 0.0.0.0, time stamp 0x342619eb,

faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb7341c, exception

code 0xc0000029, fault offset 0x000674e0, process id 0x570, application start time

0x01cbd355ad314d47.

[ System Events ]

Error - 06/12/2011 07:53:45 | Computer Name = Keef-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620

Description =

Error - 06/12/2011 08:31:54 | Computer Name = Keef-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 06/12/2011 08:31:54 | Computer Name = Keef-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 06/12/2011 08:31:54 | Computer Name = Keef-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 06/12/2011 08:31:54 | Computer Name = Keef-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 06/12/2011 08:31:54 | Computer Name = Keef-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 06/12/2011 08:34:43 | Computer Name = Keef-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 06/12/2011 09:29:10 | Computer Name = Keef-PC | Source = DCOM | ID = 10016

Description =

Error - 06/12/2011 12:24:37 | Computer Name = Keef-PC | Source = Service Control Manager | ID = 7022

Description =

Error - 06/12/2011 12:24:37 | Computer Name = Keef-PC | Source = Service Control Manager | ID = 7000

Description =

< End of report >


I see you are running Teatimer.

I suggest you disable it, because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer<==click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Then...........

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [Epson Stylus SX510W(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S56D1.tmp" /EF "HKCU" File not found
    O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [EPSON SX510W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_SFB37.tmp" /EF "HKCU" File not found
    O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [GBWXufOsmTrrX.exe] C:\ProgramData\GBWXufOsmTrrX.exe File not found
    [2011/12/04 19:40:43 | 000,000,633 | ---- | M] () -- C:\Users\Keef\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/04 18:34:09 | 000,000,609 | ---- | M] () -- C:\Users\Keef\Desktop\System Fix.lnk
    [2011/12/04 18:34:09 | 000,000,609 | ---- | C] () -- C:\Users\Keef\Desktop\System Fix.lnk
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC
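The fix script in the post above removes three per-user Run values whose targets no longer exist. As an added example (not part of the original thread and not OTL's own logic), this Python sketch parses O4 lines in the format shown and lists why each autorun entry deserves a look; the three signals and the `ExampleApp` line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# First two lines are copied from the fix script in the post above;
# the third (ExampleApp) is constructed to show an entry that is not flagged.
SAMPLE = r'''
O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [Epson Stylus SX510W(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S56D1.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-3869292037-1503811952-3368985556-1000..\Run: [GBWXufOsmTrrX.exe] C:\ProgramData\GBWXufOsmTrrX.exe File not found
O4 - HKLM..\Run: [ExampleApp] "C:\Program Files\ExampleApp\example.exe" /tray
'''

# "O4 - <hive>..\Run: [<value name>] <command line>[ File not found]"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# Executable path at the start of the command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.+?\.(?:exe|com|scr|bat|cmd))', re.I)
MISSING = " File not found"


def parse_o4(line):
    """Return a dict describing one O4 Run entry, or None for other lines."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    cmd = m["cmd"]
    missing = cmd.endswith(MISSING)
    if missing:
        cmd = cmd[: -len(MISSING)]
    exe = EXE_RE.match(cmd)
    return {
        "hive": m["hive"],
        "name": m["name"],
        "exe": PureWindowsPath(exe["exe"]) if exe else None,
        "missing": missing,
    }


def reasons(entry):
    """Heuristic signals (assumed for this example) that an autorun is suspect."""
    out = []
    if entry["missing"]:
        out.append("target file missing")
    exe = entry["exe"]
    if exe is not None:
        # Installed software normally lives in a vendor subfolder, not the root.
        if len(exe.parts) == 3 and exe.parts[1].lower() == "programdata":
            out.append("executable directly in ProgramData")
        # Legitimate installers usually give the value a product name.
        if entry["name"].lower() == exe.name.lower():
            out.append("value name is the bare file name")
    return out


def triage(text):
    """Map each Run value name found in text to its list of signals."""
    result = {}
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry is not None:
            result[entry["name"]] = reasons(entry)
    return result


if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {', '.join(why) if why else 'no signals'}")
```

A missing target on its own, as with the Epson entries, usually means a leftover from an uninstalled or temporary component; the entry that trips all three signals is the one to prioritise.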


OK, I have done the next steps. I have now noticed the System Fix toolbar icon by the start menu is gone, but the application folder is still present in the programs menu.

This log was produced on restart:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_USERS\S-1-5-21-3869292037-1503811952-3368985556-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_USERS\S-1-5-21-3869292037-1503811952-3368985556-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Epson Stylus SX510W(Network) not found.

Registry value HKEY_USERS\S-1-5-21-3869292037-1503811952-3368985556-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON SX510W Series not found.

Registry value HKEY_USERS\S-1-5-21-3869292037-1503811952-3368985556-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GBWXufOsmTrrX.exe not found.

File C:\Users\Keef\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk not found.

File C:\Users\Keef\Desktop\System Fix.lnk not found.

File C:\Users\Keef\Desktop\System Fix.lnk not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Keef

->Temp folder emptied: 163681481 bytes

->Temporary Internet Files folder emptied: 395833253 bytes

->Java cache emptied: 16140735 bytes

->Google Chrome cache emptied: 91446437 bytes

->Flash cache emptied: 142265 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 712704 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 18412699 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 70927058 bytes

Total Files Cleaned = 722.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12062011_233645

Files\Folders moved on Reboot...

C:\Users\Keef\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


It looks like this is it in the DDS log: (Nothing shows in the OTL log though)

C:\Users\Keef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

Can you right click on it > choose Properties > Find Target > now delete it.

Let me know, MrC

I did that and did a reboot and it looks as if all the files have gone finally! Is there anything else I need to do or is that everything solved?

Thanks so much for all your help MrC
