By the way, explorer is still running at %50.!
Please, read my instructions more carefully.
You didn't:
Quote:
Uninstall Ask Toolbar, known adware.
I uninstalled this before I did the Combo Fix. I noticed it never told me it was completed. Hmm. I just double checked now to make sure I did, and it's not there. So, what should I do? (note that I don't recall restarting computer after I uninstalled, although I don't know if that would make a difference)
We'll remove Ask Toolbar leftovers in our next step.
Download Process Explorer: http://technet.microsoft.com/en-us/s.../bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
===============================================================
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Process Explorer:
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 99.92 0 K 24 K
Interrupts n/a 0 K 0 K Hardware Interrupts
DPCs n/a 0 K 0 K Deferred Procedure Calls
System 4 0 K 3,784 K
smss.exe 424 292 K 732 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 544 1,728 K 5,112 K Client Server Runtime Process Microsoft Corporation C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe 588 1,348 K 4,064 K Windows Start-Up Application Microsoft Corporation wininit.exe
services.exe 644 2,452 K 6,488 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
svchost.exe 860 2,504 K 5,732 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
igfxsrvc.exe 2996 1,732 K 4,576 K igfxsrvc Module Intel Corporation C:\Windows\system32\igfxsrvc.exe -Embedding
WmiPrvSE.exe 3208 3,012 K 5,916 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
HpqToaster.exe 3360 1,724 K 5,580 K HpqToaster Module "C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe" -Embedding
svchost.exe 936 3,084 K 6,204 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k rpcss
svchost.exe 980 72,112 K 43,084 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k secsvcs
svchost.exe 1080 10,260 K 12,300 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
audiodg.exe 1252 1,000 K 3,376 K Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x2e8
svchost.exe 1120 10,996 K 15,532 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
svchost.exe 1136 17,900 K 24,700 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
taskeng.exe 2020 9,244 K 9,976 K Task Scheduler Engine Microsoft Corporation taskeng.exe {8D2E1076-FE0E-4E14-8779-5B8E2AEC4CB8}
ModLEDKey.exe 516 592 K 2,044 K AccessL Chicony C:\Windows\ModLEDKey.exe
taskeng.exe 3840 1,980 K 5,840 K Task Scheduler Engine Microsoft Corporation taskeng.exe {C0A63FE3-3CD0-468E-B099-37B0E265BA23}
svchost.exe 1268 1,848 K 4,576 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k GPSvcGroup
SLsvc.exe 1284 6,048 K 11,496 K Microsoft Software Licensing Service Microsoft Corporation C:\Windows\system32\SLsvc.exe
svchost.exe 1320 6,568 K 11,688 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 1452 14,808 K 15,024 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
AvastSvc.exe 1608 16,384 K 30,412 K avast! Service AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
spoolsv.exe 2012 5,780 K 10,500 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
svchost.exe 208 13,432 K 17,388 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe 368 5,336 K 9,252 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k apphost
AppleMobileDeviceService.exe 1888 2,180 K 3,684 K Apple Mobile Device Service Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
mDNSResponder.exe 1440 1,680 K 4,928 K Bonjour Service Apple Inc. "C:\Program Files\Bonjour\mDNSResponder.exe"
LSSrvc.exe 1696 1,024 K 3,372 K Hewlett-Packard Company "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
svchost.exe 2088 2,168 K 5,364 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
sqlbrowser.exe 2132 1,036 K 3,356 K SQL Browser Service EXE Microsoft Corporation "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
sqlwriter.exe 2152 3,608 K 7,188 K SQL Server VSS Writer Microsoft Corporation "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
svchost.exe 2220 3,464 K 6,356 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
svchost.exe 2284 4,396 K 8,120 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k iissvcs
svchost.exe 2324 552 K 1,980 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k WerSvcGroup
XAudio.exe 2344 764 K 2,388 K Modem Audio Service Conexant Systems, Inc. C:\Windows\system32\DRIVERS\xaudio.exe
hpqwmiex.exe 2372 2,524 K 4,948 K hpqwmiex Module Hewlett-Packard Development Company, L.P. "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"
IAANTmon.exe 2388 2,948 K 5,824 K RAID Monitor Intel Corporation "C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
lsass.exe 672 3,000 K 1,412 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 680 2,288 K 5,124 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
csrss.exe 600 14,604 K 11,376 K Client Server Runtime Process Microsoft Corporation C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 708 2,116 K 5,712 K Windows Logon Application Microsoft Corporation winlogon.exe
explorer.exe 1748 25,484 K 33,988 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
Apoint.exe 1232 2,156 K 5,804 K Alps Pointing-device Driver Alps Electric Co., Ltd. "C:\Program Files\Apoint2K\Apoint.exe"
ApMsgFwd.exe 2728 688 K 2,296 K ApMsgFwd Alps Electric Co., Ltd. "C:\Program Files\Apoint2K\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
HPWAMain.exe 2096 2,484 K 5,352 K HPWAMain Module Hewlett-Packard Development Company, L.P. "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
WiFiMsg.exe 2836 1,672 K 4,520 K Module to process WiFi messages. Hewlett-Packard Development Company, L.P. "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
igfxtray.exe 2896 1,220 K 4,288 K igfxTray Module Intel Corporation "C:\WINDOWS\System32\igfxtray.exe"
igfxpers.exe 2904 956 K 3,704 K persistence Module Intel Corporation "C:\WINDOWS\System32\igfxpers.exe"
Monitor.exe 2940 1,340 K 4,460 K Registry Monitor PixArt Imaging Incorporation "C:\WINDOWS\PixArt\Pac207\Monitor.exe"
AvastUI.exe 2948 5,168 K 5,200 K avast! Antivirus AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
CNYHKey.exe 3096 8,152 K 15,828 K Chicony Keyboard Driver Chicony "C:\WINDOWS\CNYHKey.exe"
procexp.exe 2120 0.77 15,904 K 24,960 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\User\Desktop\procexp.exe"
firefox.exe 308 90,552 K 103,128 K Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
plugin-container.exe 3204 18,084 K 20,716 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=308.4bae740.515111831 "C:\Windows\system32\Macromed\Flash\NPSWF32.dll" 308 plugin \\.\pipe\gecko-crash-server-pipe.308
ApntEx.exe 2776 1,280 K 3,404 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd. "Apntex.exe"
OTL part 1:
OTL logfile created on: 10/15/2010 8:29:09 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.54 Gb Total Space | 24.77 Gb Free Space | 23.92% Space Free | Partition Type: NTFS
Drive D: | 8.25 Gb Total Space | 1.50 Gb Free Space | 18.13% Space Free | Partition Type: NTFS
Computer Name: ASK | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
========== Processes (SafeList) ==========
PRC - [2010/10/15 08:27:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/03 19:27:02 | 005,576,704 | ---- | M] (Chicony) -- C:\WINDOWS\CNYHKey.exe
PRC - [2007/12/10 19:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\Pac207\Monitor.exe
PRC - [2007/01/08 14:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\WINDOWS\ModLEDKey.exe
========== Modules (SafeList) ==========
MOD - [2010/10/15 08:27:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2009/04/11 00:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 00:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/04/11 00:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/11/30 16:43:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 00:33:42 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\inetsrv\WMSvc.exe -- (WMSvc)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ManyCam.sys -- (ManyCam)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\User\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/13 16:38:53 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/04/10 22:42:56 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/23 14:07:28 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 14:07:26 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/23 14:07:26 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/30 14:30:49 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/01 00:16:26 | 000,018,912 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lmvac.sys -- (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/02/13 17:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2008/01/18 22:53:40 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/02 17:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/02 17:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/12/11 10:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/05/11 23:09:50 | 000,043,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2007/05/04 10:11:32 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/04/30 15:59:30 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/04/25 22:19:26 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/04/25 22:18:04 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/04/25 22:17:54 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/04/23 17:51:08 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/01/29 18:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/01/03 11:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 11:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/30 14:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/17 08:19:30 | 000,143,872 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2004/04/26 23:31:04 | 000,474,304 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\lvcd.sys -- (QCDonner) Logitech QuickCam Express(PID_0840)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
OTL part 2:
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ARIO&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 3F 49 86 EB B1 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/19 23:55:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/04 09:35:05 | 000,000,000 | ---D | M]
[2009/06/15 08:59:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/06/15 08:59:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\[email protected]
[2010/10/15 08:19:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\bv5h7rsw.SPEED\extensions
[2010/04/27 08:14:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\bv5h7rsw.SPEED\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/11 09:27:28 | 000,000,000 | ---D | M] (WOT) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\bv5h7rsw.SPEED\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/09/11 09:27:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\bv5h7rsw.SPEED\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/14 18:08:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/12/04 21:05:02 | 000,086,016 | ---- | M] (SpiralFrog Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll
O1 HOSTS File: ([2010/10/14 08:27:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LchDrv] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [ledpointer] C:\Windows\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/02 15:22:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/10/15 08:28:00 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/10/14 21:00:14 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\[Shinsen-Subs_Rumbel_sMi_HorribleSubs]_Gintama_1-201+OVAs_(480p_XviD+H264)
[2010/10/14 08:38:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/14 08:38:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2010/10/14 08:28:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/14 08:09:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/13 21:52:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\NTBR_CD
[2010/10/13 21:16:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/13 21:16:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/13 21:16:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/13 21:12:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/12 15:39:41 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\User\Desktop\procexp.exe
[2010/10/09 11:41:35 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Icons
[2010/10/09 11:31:33 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\NIntendo 64 ROMs
[2010/10/08 11:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\KeyTweak
[2010/10/07 21:21:56 | 000,000,000 | R--D | C] -- C:\Users\User\Desktop\Gintama 1-90 engsub
[2010/10/07 15:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 1.6
[2010/10/06 16:27:05 | 005,576,704 | ---- | C] (Chicony) -- C:\Windows\CNYHKey.exe
[2010/10/06 16:27:05 | 000,053,248 | ---- | C] (Chicony) -- C:\Windows\ModLEDKey.exe
[2010/10/03 19:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/09/19 09:43:37 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/19 09:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/16 13:16:53 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Documents
[2010/09/16 13:16:39 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Videos
[2010/09/16 13:16:33 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Photos
[2010/09/16 12:45:27 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\BOA
[2010/09/12 12:12:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\AirMouse
[2010/09/12 12:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Air Mouse
[2010/09/12 11:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/26 13:30:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ManyCam
[2010/08/26 13:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/08/26 09:18:30 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Documents\microsoft
[2010/08/24 22:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2010/08/16 15:47:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GameTuts
[2010/08/16 15:47:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\GameTuts
[2010/08/11 12:52:48 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Recorded TV
[2010/07/27 12:26:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ElevatedDiagnostics
[2010/07/27 12:24:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/07/27 12:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/07/26 16:48:26 | 000,000,000 | R--D | C] -- C:\Users\User\Documents\Documents
[2010/07/26 11:37:56 | 000,000,000 | ---D | C] -- C:\Users\User\Tracing
[2010/07/17 16:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/10/15 08:27:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/10/15 08:24:07 | 000,066,048 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/15 07:58:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 07:58:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 07:57:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/15 07:57:40 | 000,043,008 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2010/10/15 07:57:39 | 2137,022,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/14 22:00:20 | 000,055,296 | ---- | M] () -- C:\Windows\System32\umstartup000.etl
[2010/10/14 17:59:04 | 000,002,231 | ---- | M] () -- C:\Users\User\Desktop\iTunes.lnk
[2010/10/14 15:49:39 | 000,002,281 | ---- | M] () -- C:\Users\User\Desktop\Safari.lnk
[2010/10/14 08:27:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/13 21:51:36 | 002,565,432 | ---- | M] () -- C:\Users\User\Desktop\NTBR_CD.exe
[2010/10/13 21:07:26 | 003,878,092 | R--- | M] () -- C:\Users\User\Desktop\ComboFix.exe
[2010/10/13 21:03:22 | 000,080,384 | ---- | M] () -- C:\Users\User\Desktop\MBRCheck.exe
[2010/10/13 18:19:13 | 000,002,513 | ---- | M] () -- C:\Users\User\Desktop\Air Mouse.lnk
[2010/10/13 11:36:06 | 000,002,469 | ---- | M] () -- C:\Users\User\Desktop\iPhoneBrowser.lnk
[2010/10/13 08:45:41 | 000,544,768 | ---- | M] () -- C:\Users\User\Desktop\dds.scr
[2010/10/12 22:04:05 | 000,293,376 | ---- | M] () -- C:\Users\User\Desktop\m9kx36bk.exe
[2010/10/12 19:57:19 | 000,717,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/12 19:57:19 | 000,146,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/12 18:57:28 | 000,000,776 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/10/12 18:57:28 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/10/09 15:16:01 | 000,000,172 | ---- | M] () -- C:\Users\User\Desktop\Poop.lnk
[2010/10/09 11:43:57 | 000,001,880 | ---- | M] () -- C:\Users\User\Desktop\Photoshop.lnk
[2010/10/08 15:06:19 | 000,002,627 | ---- | M] () -- C:\Users\User\Desktop\MS Word.lnk
[2010/10/08 11:59:08 | 000,287,220 | ---- | M] () -- C:\Users\User\Desktop\KeyTweak_install.exe
[2010/10/08 09:18:01 | 006,191,104 | ---- | M] () -- C:\Users\User\Desktop\Gintama - ED1 - 01 - Fuusen Gum.mp3
[2010/10/07 15:36:52 | 030,036,333 | ---- | M] () -- C:\Users\User\Desktop\Perfect Dark.zip
[2010/10/06 23:25:00 | 000,008,804 | ---- | M] () -- C:\Users\User\Desktop\SPgQEpbI.mp3
[2010/09/28 21:34:01 | 000,076,278 | ---- | M] () -- C:\Users\User\Desktop\353094.mp3
[2010/09/19 09:56:10 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/19 09:45:09 | 000,001,840 | ---- | M] () -- C:\Users\User\Desktop\avast! Free Antivirus.lnk
[2010/09/18 18:39:05 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/09/16 21:52:13 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2010/09/16 11:32:05 | 001,791,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/29 16:51:31 | 000,000,600 | ---- | M] () -- C:\Users\User\AppData\Roaming\winscp.rnd
[2010/08/24 22:05:58 | 000,001,586 | ---- | M] () -- C:\Users\User\Desktop\WinSCP.lnk
[2010/07/27 12:22:45 | 003,473,408 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/07/27 12:22:45 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/07/27 12:22:45 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
OTL part 3:
========== Files Created - No Company Name ==========
[2010/10/13 21:51:34 | 002,565,432 | ---- | C] () -- C:\Users\User\Desktop\NTBR_CD.exe
[2010/10/13 21:16:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/13 21:16:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/13 21:16:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/13 21:07:23 | 003,878,092 | R--- | C] () -- C:\Users\User\Desktop\ComboFix.exe
[2010/10/13 21:03:28 | 000,080,384 | ---- | C] () -- C:\Users\User\Desktop\MBRCheck.exe
[2010/10/13 08:45:41 | 000,544,768 | ---- | C] () -- C:\Users\User\Desktop\dds.scr
[2010/10/12 22:04:07 | 000,293,376 | ---- | C] () -- C:\Users\User\Desktop\m9kx36bk.exe
[2010/10/12 18:57:28 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2010/10/09 11:42:48 | 000,002,231 | ---- | C] () -- C:\Users\User\Desktop\iTunes.lnk
[2010/10/09 11:41:27 | 000,001,880 | ---- | C] () -- C:\Users\User\Desktop\Photoshop.lnk
[2010/10/08 11:59:10 | 000,287,220 | ---- | C] () -- C:\Users\User\Desktop\KeyTweak_install.exe
[2010/10/08 09:17:45 | 006,191,104 | ---- | C] () -- C:\Users\User\Desktop\Gintama - ED1 - 01 - Fuusen Gum.mp3
[2010/10/07 15:35:22 | 030,036,333 | ---- | C] () -- C:\Users\User\Desktop\Perfect Dark.zip
[2010/10/06 23:25:00 | 000,008,804 | ---- | C] () -- C:\Users\User\Desktop\SPgQEpbI.mp3
[2010/10/06 16:27:05 | 000,201,076 | ---- | C] () -- C:\Windows\comwarn.bmp
[2010/10/06 16:27:05 | 000,049,152 | ---- | C] () -- C:\Windows\CNYUSB.dll
[2010/10/06 16:27:05 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2010/10/06 16:27:05 | 000,003,088 | ---- | C] () -- C:\Windows\MODLED.xml
[2010/10/06 16:27:05 | 000,000,360 | ---- | C] () -- C:\Windows\CNYHKey.ini
[2010/09/28 21:34:05 | 000,076,278 | ---- | C] () -- C:\Users\User\Desktop\353094.mp3
[2010/09/19 09:45:09 | 000,001,840 | ---- | C] () -- C:\Users\User\Desktop\avast! Free Antivirus.lnk
[2010/09/12 12:11:55 | 000,002,513 | ---- | C] () -- C:\Users\User\Desktop\Air Mouse.lnk
[2010/08/24 22:06:01 | 000,000,600 | ---- | C] () -- C:\Users\User\AppData\Roaming\winscp.rnd
[2010/08/24 22:05:58 | 000,001,586 | ---- | C] () -- C:\Users\User\Desktop\WinSCP.lnk
[2010/07/27 12:22:14 | 003,473,408 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/07/27 12:22:14 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/07/27 12:22:14 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/04/13 12:30:44 | 000,000,295 | ---- | C] () -- C:\ProgramData\Setting.dat
[2010/04/13 12:30:44 | 000,000,022 | ---- | C] () -- C:\Users\User\AppData\Roaming\UserFlag.ini
[2010/03/27 21:41:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\laserjet
[2010/02/22 18:42:48 | 000,015,100 | ---- | C] () -- C:\Users\User\AppData\Roaming\UserTile.png
[2010/02/19 16:21:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/19 14:30:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
[2009/08/01 12:25:48 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009/08/01 12:25:48 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2009/08/01 12:25:48 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009/08/01 12:25:48 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2009/04/07 20:43:36 | 000,000,268 | RH-- | C] () -- C:\ProgramData\vhosts
[2009/04/07 20:43:36 | 000,000,268 | RH-- | C] () -- C:\Users\User\AppData\Roaming\laserjet
[2009/04/07 20:43:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2009/04/07 20:43:34 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\libiconv
[2009/04/07 19:57:49 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2009/03/12 19:36:34 | 000,782,336 | ---- | C] () -- C:\Windows\System32\IlmImf.dll
[2009/03/12 19:36:34 | 000,353,280 | ---- | C] () -- C:\Windows\System32\pmtf2.dll
[2009/03/12 19:36:34 | 000,205,824 | ---- | C] () -- C:\Windows\System32\pmtf1.dll
[2009/03/12 19:36:34 | 000,204,288 | ---- | C] () -- C:\Windows\System32\pmtf3.dll
[2009/03/12 19:36:34 | 000,053,248 | ---- | C] () -- C:\Windows\System32\pmexr.dll
[2009/03/12 19:36:34 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmbm.dll
[2009/03/12 19:36:33 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Photomatix_jpg.dll
[2009/03/12 19:36:33 | 000,266,240 | ---- | C] () -- C:\Windows\System32\Photomatix25Lib.dll
[2009/03/12 19:36:33 | 000,249,856 | ---- | C] () -- C:\Windows\System32\Photomatix25Lib2.dll
[2009/03/12 19:36:33 | 000,167,936 | ---- | C] () -- C:\Windows\System32\Photomatix25Lib3.dll
[2009/02/28 14:49:19 | 000,000,216 | ---- | C] () -- C:\Windows\ViewNX.INI
[2009/02/28 14:42:57 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2009/02/28 14:42:57 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\Rock Kit
[2009/02/28 14:40:47 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sample Delay
[2009/02/28 14:40:47 | 000,000,268 | RH-- | C] () -- C:\Users\User\AppData\Roaming\Robot
[2009/02/28 14:40:47 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/02/28 14:40:47 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Screen Savers
[2009/02/13 23:38:39 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/02/13 23:35:25 | 000,000,044 | ---- | C] () -- C:\Windows\EPSNX400.ini
[2008/11/16 20:04:55 | 000,049,959 | ---- | C] () -- C:\Windows\php.ini
[2008/08/10 10:26:44 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2008/05/03 11:15:25 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/01/13 13:41:37 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/29 22:47:52 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2007/12/03 21:02:27 | 000,002,106 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2007/12/03 17:11:30 | 000,066,048 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/02 21:03:39 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\QSwitch.txt
[2007/12/02 21:03:39 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\DSwitch.txt
[2007/12/02 21:03:39 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\AtStart.txt
[2007/10/25 23:02:54 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2007/08/23 20:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/07/02 15:08:26 | 000,001,321 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/06/27 16:13:51 | 000,512,000 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2007/05/31 07:14:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/05/31 06:49:06 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/02/27 16:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 02:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 02:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/02/28 14:33:00 | 000,343,040 | R--- | C] () -- C:\Windows\System32\lffpx7.dll
[2005/02/28 14:33:00 | 000,116,736 | R--- | C] () -- C:\Windows\System32\lfkodak.dll
[2004/03/26 09:56:40 | 000,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2004/01/08 10:30:22 | 000,011,170 | ---- | C] () -- C:\Windows\System32\PA207USD.DLL
[2003/09/23 08:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\System32\cygxml2-2.dll
[2003/08/10 10:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\System32\cygiconv-2.dll
[2003/08/08 20:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
========== LOP Check ==========
[2010/03/25 15:00:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\acccore
[2010/04/13 12:32:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AutoHideIP
[2008/12/19 09:57:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BonkEnc
[2008/10/20 13:39:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\cmw
[2009/10/01 11:59:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/01/01 18:25:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\COWON
[2008/11/30 14:30:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools
[2009/03/09 09:16:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ExpressDigital
[2010/08/16 15:47:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GameTuts
[2009/07/09 18:04:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2009/04/10 10:47:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
[2010/06/24 14:46:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iTunes Agent
[2009/02/13 23:43:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2010/08/26 14:06:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam
[2009/09/04 08:57:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MSNInstaller
[2009/04/07 20:43:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nikon
[2009/07/09 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Participatory Culture Foundation
[2010/10/04 13:39:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PCF-VLC
[2010/02/22 18:42:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PeerNetworking
[2008/10/28 21:25:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Publish Providers
[2010/01/11 22:20:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Red Kawa
[2008/02/16 12:43:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RTPlayer
[2010/06/08 22:36:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SorensonMedia
[2007/12/03 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Template
[2010/10/14 21:57:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2010/10/14 22:00:11 | 000,032,606 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2007/07/02 15:22:45 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/10/14 08:38:22 | 000,016,029 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/15 07:57:39 | 2137,022,464 | -HS- | M] () -- C:\hiberfil.sys
[2008/02/17 11:45:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/25 15:00:47 | 000,001,063 | -H-- | M] () -- C:\IPH.PH
[2008/02/17 11:45:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/15 07:57:36 | 2450,817,024 | -HS- | M] () -- C:\pagefile.sys
[2008/08/05 21:29:17 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2008/08/05 21:29:17 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/02/19 16:40:43 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2010/02/19 13:36:29 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/02/20 01:12:06 | 000,000,286 | -HS- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2010/10/13 21:07:26 | 003,878,092 | R--- | M] () -- C:\Users\User\Desktop\ComboFix.exe
[2010/10/08 11:59:08 | 000,287,220 | ---- | M] () -- C:\Users\User\Desktop\KeyTweak_install.exe
[2010/10/12 22:04:05 | 000,293,376 | ---- | M] () -- C:\Users\User\Desktop\m9kx36bk.exe
[2010/10/13 21:03:22 | 000,080,384 | ---- | M] () -- C:\Users\User\Desktop\MBRCheck.exe
[2010/05/20 20:36:06 | 016,726,528 | ---- | M] (GameTuts) -- C:\Users\User\Desktop\Modio.exe
[2010/10/13 21:51:36 | 002,565,432 | ---- | M] () -- C:\Users\User\Desktop\NTBR_CD.exe
[2010/10/15 08:27:58 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/06/07 16:16:56 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\User\Desktop\procexp.exe
[2010/04/23 08:56:39 | 005,348,430 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Users\User\Desktop\SASDEFINITIONS.EXE
OTL part 4 (end):
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2009/09/03 13:30:06 | 000,000,086 | -HS- | M] () -- C:\Users\User\Favorites\desktop (2).ini
[2010/02/17 23:53:25 | 000,000,100 | -HS- | M] () -- C:\Users\User\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2009/04/08 10:27:21 | 000,001,321 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/03/27 21:41:57 | 000,000,000 | ---- | M] () -- C:\ProgramData\laserjet
[2009/02/28 14:40:47 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Sample Delay
[2009/02/28 14:40:47 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Screen Savers
[2009/04/07 20:43:36 | 000,000,268 | RH-- | M] () -- C:\ProgramData\vhosts
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-16 14:44:18
========== Alternate Data Streams ==========
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >
OTL Extras:
OTL Extras logfile created on: 10/15/2010 8:29:09 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\User\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.54 Gb Total Space | 24.77 Gb Free Space | 23.92% Space Free | Partition Type: NTFS
Drive D: | 8.25 Gb Total Space | 1.50 Gb Free Space | 18.13% Space Free | Partition Type: NTFS
Computer Name: ASK | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09AD658A-83CC-4B61-8E07-6A9E1EE3BDE6}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1FD870D9-2C80-4363-8814-30DA70F1B3DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B2A737D-3BCF-464D-8F0D-5898AF3FE4A1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2CF66F5C-8388-4A06-8E79-D6BC319E108E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2F4AAD21-C776-4D05-AAAA-37C4650B02D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2FD77A1E-DAC3-49E3-BDCB-FFBE55F7561A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30ED67D9-D0B7-4282-995B-E4EC72C0E440}" = lport=3390 | protocol=6 | dir=in | app=system |
"{3362B0F7-BE57-4BAF-B63F-3781562DAA2C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40CCB0FB-5E92-4A8D-937E-E09B27D976D7}" = rport=10244 | protocol=6 | dir=out | app=system |
"{45E9BE7B-4E2C-4E49-97C9-55DB3D7291CA}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{477D9C4D-5D20-4877-A051-96717F7BA716}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4CBAD709-0F36-42FC-ACD6-4BA4BEF575A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E813718-D591-42F2-9F1F-1DE47D05E910}" = rport=10244 | protocol=6 | dir=out | app=system |
"{528FEBE0-B702-4617-BC21-D71FCEB4A96F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6583E76B-FDF3-4768-87EE-C602628B75BB}" = lport=10244 | protocol=6 | dir=in | app=system |
"{704DDA08-0640-49AD-81E8-9C4DAA88FABC}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{7364F133-4956-48F4-BFB8-79FE9BAA1BFF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92A1EDD0-6021-4C66-813D-58230EB173BB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A871EDFF-D9E4-4078-891E-5BDD1ACD9B00}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{AB3983C5-C8BD-44D2-BA02-6D1C785DA005}" = lport=10244 | protocol=6 | dir=in | app=system |
"{AE529A42-4A1A-40E8-9AE7-520C1AD5EFE7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3B58F1D-267E-4824-87F4-EC924CA17895}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B85AC426-EC27-41FB-9FEF-78ECBCA3A152}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DFE7A25A-FEDF-4DA0-BE00-7B60337EB184}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0302C97-F86B-4787-990A-33E2A761AA1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EA182DCC-8498-4123-A86F-CBF99B2BBBF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ECC74572-1E19-41B4-87ED-EF15F98057F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EE7DB200-56A7-41D8-A25E-34F63E101F09}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{FCD34262-28BB-426C-A4F4-6AFC97A38598}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
OTL Extras 2:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09072B94-762C-4E72-96C4-F757FD5053C5}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{09AD28E0-9AC1-4020-8926-CD3EBB9BCB7C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0E5D8F82-F20F-49A4-859D-B2D7A71F2897}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{0F00C2CC-DFA7-47E1-9900-9FF419974DA8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1007139C-9EE4-40B2-9295-F6A858488E8C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{16DE3AAB-B77D-41B5-8B23-06C711ACBC62}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{1A0A9032-E4F6-48A6-A875-22D775C2603D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{205F9FBE-A091-4BB8-B5C4-DE40A44ECC94}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{28BD40BA-5260-4339-B6B4-67880C1781F0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{29832D12-7090-40CD-BDA4-AE7557BF045F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{2AB45576-535C-4805-BC9B-4468B5C1A883}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{2B63DD9B-A0DC-461C-8A6E-E74F1F57E09E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{2C360A00-9E4F-49D8-ACC4-BD3DF7CC069C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E240EF2-D0D2-49C7-9A52-D30081814F82}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{2FB92F16-6B64-43BA-8134-391CF453F0BC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{37933574-D742-4D03-9B00-8741B181DC7F}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{40680330-5DA7-458F-8365-286EC5F29468}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{40FF2285-BE74-49BC-A99B-A0BA4F0643E2}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{46064507-A06B-4E64-AA55-DE11C66EC63C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{48C8C6DC-5227-4F54-8401-93517FA93393}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4E04E64F-AE13-4867-A79F-8A6F241DDD36}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{517473D1-9075-43C8-82A9-D6F6D091AAEE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{51B060D6-D32E-4BBE-99E2-4B959CFE916D}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{52511075-CEE2-4479-A586-13872E8646D0}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{549B6B35-6936-4226-B668-E7BF8E56239F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{57DC2668-6225-473A-A5A2-0A839F0A0CA7}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{5EF191FC-52BF-4347-8187-BB36B6EB393F}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{68A51392-8536-4938-907B-45130DCA4EC6}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6C068F26-2A0B-4DEB-853F-FBD924AD2671}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6E10C5AC-C0D6-4096-A54B-CD9419B67CEA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{71BDE264-EA75-460F-AE13-FD66E44AD65E}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{82110467-1618-4FE8-8E7F-25E84678EB47}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8BA44A3A-E0EE-48D0-ACEC-5CEF889853A9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9071F170-C21F-4773-8E8F-117D16F5FF0D}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{93364FFB-2E27-43FB-BDDC-F30192121245}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{99535E70-1306-4163-95EC-9A23E1E4F839}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{997E7CDE-441F-4622-8BE7-F2B7455CD01D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A3485055-2356-40A6-B4A2-E76962C46945}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B05D60CC-C860-4710-BA83-42E1A692950F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B6973CB4-EB1C-41EF-BE68-5248A3990119}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B6988973-878F-40FA-AB73-1DD41FC82701}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{BDC87F2F-64C4-492B-B680-D4CFD47CAF97}" = protocol=17 | dir=in | app=c:\program files\rapidsolution\tunebite\tunebitehelper.exe |
"{C372D478-5C60-4B05-B719-8BFF44AB655B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C83B7026-7510-499C-B9A5-BE3CA50E77C4}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{CAF9D0E6-3088-49FB-9FC7-007986BDB957}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{D182EE80-8DFD-4E44-B52D-76791242342E}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{D63869C1-6E98-4D09-B08C-58999479CAED}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D6AE63DE-5E50-4E8B-B00B-3C04D7B971EB}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{DAD74EFE-EF86-477C-A6AF-D21377A4A757}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{DAF9D2F1-DAD7-461B-95C0-38A092F5E668}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E035354A-40D0-45A1-AA59-6690996273F0}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{E5855797-0560-4E2E-B5CC-2AF235443353}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E61C9BA9-8EE1-4985-9A83-10052E75B6F6}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{F3B4F889-CD88-4CBF-81C1-37D525E21CE5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F543A254-FAF0-4E52-95BF-807BB9572A5A}" = protocol=6 | dir=in | app=c:\program files\rapidsolution\tunebite\tunebitehelper.exe |
"{F5702B88-6A9A-437E-9A23-D78AF6FFCC60}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FF2A7C84-E427-4623-813D-FFB61AF82C11}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{15120C0C-A4DE-40A8-86CE-2A6F4AF54B4D}C:\program files\sorenson media\sorenson squeeze 6\squeeze.exe" = protocol=6 | dir=in | app=c:\program files\sorenson media\sorenson squeeze 6\squeeze.exe |
"TCP Query User{1B12D837-0253-4350-9A07-9B96764D94ED}C:\program files\realvnc\vnc4\winvnc4.exe" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"TCP Query User{2DB693D5-84EF-403F-AE5B-CC6F265CE54C}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{3067112C-BCFB-41CD-AACF-DFD4E4FCDA85}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{36C7C665-5E58-4B4C-A741-CAB58C502ADF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3AE89D9D-C5D9-44F8-8B45-B80E36F38F1A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4A297E0B-47BC-41E3-91B6-32A5FDD7784E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{54CABC1A-1A9E-4721-9982-121E185089C4}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{654B1F41-3F46-41B5-9A2C-0CE785716E08}C:\program files\adobe\adobe after effects cs3\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs3\support files\afterfx.exe |
"TCP Query User{6E802CEC-19BF-402C-A7A9-4F8B56F4D58E}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{80E4F7EC-AC3E-4A0A-A506-D600719646C3}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{97697C45-D0D1-450B-8DF4-13B6163348AA}C:\users\user\desktop\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
"TCP Query User{A2A4D01D-B2BC-4E43-B621-68F7F5DA4C7C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{B31EB147-9B84-463F-822F-47CF297400FE}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{DB52CC70-4FB4-4BB1-9E55-D8709D99A726}C:\users\user\desktop\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
"TCP Query User{E4B5E232-F067-4E13-A925-34E6E101F512}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
"TCP Query User{F502C336-3784-4898-8771-504249ABA0BE}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{F82EF6D2-53AA-4F10-8C21-64C747EB1F20}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{08055B90-EFCF-43A7-8F06-C315744E529F}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{0B09AD00-EDC8-4C80-8A3C-CF01D4A36D95}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{281FA310-3936-431C-BC33-D453A1886A28}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{2985F139-50BC-4546-AD49-AF7E9E2AA14D}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{51D011FD-57EE-4434-832F-FBB86C428091}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{572F2711-55F1-4CAB-A7FD-FFB2044093E2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{65D7BD17-6431-4B85-A572-F334EC552893}C:\program files\realvnc\vnc4\winvnc4.exe" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"UDP Query User{68379C51-656A-4008-A96C-718431FCF9E9}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{78834F5B-A204-414C-879B-BFC70AB66010}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{85046B0D-4ED2-415C-9E96-BA609DB1C41D}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{879E1935-A25F-448B-B3A2-26FE6B31A1D5}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
"UDP Query User{A830088C-7BDE-40C4-B95F-2BA0FCAA2723}C:\users\user\desktop\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
"UDP Query User{AE7A67B9-2047-4FCB-AFF6-054B82386AAD}C:\users\user\desktop\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\left.4.dead.full-rip.skullptura\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
"UDP Query User{B13D255A-E28E-4331-BE92-2E936881CF3E}C:\program files\sorenson media\sorenson squeeze 6\squeeze.exe" = protocol=17 | dir=in | app=c:\program files\sorenson media\sorenson squeeze 6\squeeze.exe |
"UDP Query User{BC0FF2FA-0AFC-4937-9C56-DBBDC28F8BB3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BD5A4C52-79BB-408D-B7A4-185D17AB6751}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{CD099112-E11D-4F18-945C-A752C6F2840C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{D409446A-2E9D-43F7-BCF0-BC5B911B22F2}C:\program files\adobe\adobe after effects cs3\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs3\support files\afterfx.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{449801F1-65B0-46F5-B4C5-1EF464EF7214}" = Mobile Mouse Server
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.2
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{531BC138-F1F7-496B-879C-F039ECEF438D}" = Adobe Photoshop Lightroom 2
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54F7A791-38DE-4439-AB3F-B3F7DDA89C75}" = ESU for Microsoft Vista
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{621FCD24-4498-4324-A81E-07D331376EDF}" = PixiePack Codec Pack
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66C1DD9B-02D8-4A31-B54C-FE8DC76F25D4}" = HP User Guides 0078
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3
OTL Extras 3 (final):
Master Collection
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B338EA45-9F18-4FE4-A079-89668D1F6519}" = USB 2.4G Wireless Keyboard Driver
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.57
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.5 Professional
"Adobe Acrobat 8 Professional_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Capture NX 2" = Capture NX 2
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045_SprtHDzm" = HDAUDIO Soft Data Fax Modem with SmartCP
"Cycore FX 1.0.1 for After Effects" = Cycore FX 1.0.1 for After Effects
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Stylus NX400 Series" = EPSON Stylus NX400 Series Printer Uninstall
"ffdshow_is1" = ffdshow [rev 2033] [2008-07-05]
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Miro" = Miro
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MyDefrag v4.2.7_is1" = MyDefrag v4.2.7
"Opanda IExif_is1" = Opanda IExif 2.3
"Photomatix Pro_is1" = Photomatix Pro version 2.5
"Registry First Aid_is1" = Registry First Aid
"SpeedFan" = SpeedFan (remove only)
"Trapcode Form" = Trapcode Form
"Trapcode Particular v2" = Trapcode Particular v2
"uTorrent" = µTorrent
"Videora iPod touch Converter" = Videora iPod touch Converter 5.03
"WebDesigner" = Microsoft Expression Web
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.2.8
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 2/1/2010 4:31:54 PM | Computer Name = ASK | Source = avast! | ID = 33554522
Description =
Error - 2/1/2010 4:31:54 PM | Computer Name = ASK | Source = avast! | ID = 33554522
Description =
Error - 2/1/2010 4:32:14 PM | Computer Name = ASK | Source = avast! | ID = 33554522
Description =
Error - 2/1/2010 4:32:45 PM | Computer Name = ASK | Source = avast! | ID = 33554522
Description =
Error - 2/1/2010 4:32:45 PM | Computer Name = ASK | Source = avast! | ID = 33554522
Description =
Error - 2/1/2010 4:32:46 PM | Computer Name = ASK | Source = avast! | ID = 33554522
Description =
Error - 2/1/2010 8:24:18 PM | Computer Name = ASK | Source = avast! | ID = 33554522
Description =
Error - 2/1/2010 8:24:18 PM | Computer Name = ASK | Source = avast! | ID = 33554522
Description =
Error - 2/1/2010 8:24:21 PM | Computer Name = ASK | Source = avast! | ID = 33554522
Description =
Error - 8/27/2010 1:38:03 PM | Computer Name = ASK | Source = avast! | ID = 33554522
Description =
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Your CPU usage looks perfect.
System Idle Process (CPU NOT used) is listed at 99.92%, so I'm not sure where you see explorer using 50%... hmmmmm.
================================================================
Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Now, we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder.
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
==============================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
SRV - File not found [Disabled | Stopped] -- -- (gupdate) Google Update Service (gupdate)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
:Services
:Reg
:Files
C:\Program Files\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
================================================================
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- IMPORTANT! UN-check Remove found threats
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET doesn't find any threats, it won't produce any log.
Yeah, forgot to mention that it's really random. It won't run the whole time at %50; certain things trigger it. For instance, the last few times it's happened, it's been Windows Media Player starting it. I can close WMP and explorer will still be running at %50 until I either restart explorer.exe or restart my computer. Next time it happens, I'll get a log from that Process program.
But I will get on all these scans asap. Thank you for your time (:
If you can catch explorer using a lot of CPU, use Process Explorer to catch the moment and post the log.