Computer Hope
Topic started by: harry 48 on September 05, 2010, 11:36:23 AM
-
I don't know what the fault is, I'm trying this first with the logs.
I think I have a keylogger or something in my Yahoo e-mail, I cannot get into it no matter what I try, even to set up a new account,
but if the logs are all clear it might be a bad fault with Win7.
CCleaner ran first of all.
======================
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/05/2010 at 04:55 PM
Application Version : 4.41.1000
Core Rules Database Version : 5457
Trace Rules Database Version: 3269
Scan type : Complete Scan
Total Scan Time : 02:45:02
Memory items scanned : 519
Memory threats detected : 0
Registry items scanned : 13717
Registry threats detected : 0
File items scanned : 74020
File threats detected : 7
Adware.Tracking Cookie
C:\Users\harry\AppData\Roaming\Microsoft\Windows\Cookies\Low\harry@apmebf[1].txt
C:\Users\harry\AppData\Roaming\Microsoft\Windows\Cookies\Low\harry@mediaplex[2].txt
C:\Users\harry\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
C:\Users\harry\AppData\Roaming\Microsoft\Windows\Cookies\Low\harry@adultfriendfinder[2].txt
C:\Users\harry\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\harry\AppData\Roaming\Microsoft\Windows\Cookies\Low\harry@doubleclick[1].txt
C:\Users\harry\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4550
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
05/09/2010 16:55:29
mbam-log-2010-09-05 (16-55-29).txt
Scan type: Full scan (C:\|E:\|)
Objects scanned: 450298
Time elapsed: 2 hour(s), 44 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:32:16, on 05/09/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
E:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Folding@home\Folding@home-x86\[email protected]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Folding@home\Folding@home-x86\FahCore_78.exe
C:\Users\harry\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fp-tyc8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WhatPulse] E:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Folding@home - Shortcut.lnk = C:\Folding@home\Folding@home-x86\[email protected]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 8157 bytes
-
ComboFix will not work, Win7, tried to run rkill
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as harry on 05/09/2010 at 19:17:15.
Services Stopped:
Processes terminated by Rkill or while it was running:
C:\Users\harry\Desktop\rkill.exe
Rkill completed on 05/09/2010 at 19:17:18.
-
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Under the Custom Scan box paste this in:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
-
Thanks Dave, 2 logs attached, hope I did them right, harry
Reading the logs there seems to be a lot of files missing and errors, but maybe that's the norm.
OTL logfile created on: 07/09/2010 19:07:46 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\harry\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 427.83 Gb Free Space | 91.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 72.12 Gb Total Space | 46.04 Gb Free Space | 63.84% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HARRY-PC
Current User Name: harry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/07 19:06:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\harry\Desktop\OTL.exe
PRC - [2010/08/30 23:23:21 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/08/11 20:18:36 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/08/03 15:00:40 | 016,636,416 | ---- | M] () -- C:\Folding@home\Folding@home-x86\FahCore_b4.exe
PRC - [2009/04/08 21:51:34 | 002,814,976 | ---- | M] (WhatPulse.org) -- E:\Program Files\WhatPulse\WhatPulse.exe
PRC - [2008/11/26 13:48:10 | 000,449,536 | ---- | M] () -- C:\Folding@home\Folding@home-x86\[email protected]
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
========== Modules (SafeList) ==========
MOD - [2010/09/07 19:06:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\harry\Desktop\OTL.exe
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 02:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pfc.sys -- (pfc)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/25 14:06:02 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 02:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 02:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 00:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 00:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/30 06:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/?fr=fp-tyc8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 31 E2 FB 98 2D CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [EPSON Stylus Photo RX520 Series] C:\Windows\SysNative\spool\DRIVERS\x64\3\E_FATIAGE.EXE (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WhatPulse] E:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)
O4 - Startup: C:\Users\harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home - Shortcut.lnk = C:\Folding@home\Folding@home-x86\[email protected] ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/30 14:32:14 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{c9dda4e7-9a20-11df-b327-0025224c866e}\Shell - "" = AutoRun
O33 - MountPoints2\{c9dda4e7-9a20-11df-b327-0025224c866e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c9dda636-9a20-11df-b327-0025224c866e}\Shell - "" = AutoRun
O33 - MountPoints2\{c9dda636-9a20-11df-b327-0025224c866e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47B3BDBB-F2AE-4B55-95C8-921C25DB3B76} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
========== Files/Folders - Created Within 90 Days ==========
[2010/09/07 19:06:13 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\harry\Desktop\OTL.exe
[2010/09/05 19:15:06 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/05 17:32:43 | 000,000,000 | ---D | C] -- C:\Users\harry\Desktop\backups
[2010/08/30 21:46:32 | 000,000,000 | ---D | C] -- C:\fah 5
[2010/08/30 21:46:30 | 000,000,000 | ---D | C] -- C:\fah 4
[2010/08/30 21:46:27 | 000,000,000 | ---D | C] -- C:\fah3
[2010/08/30 21:46:21 | 000,000,000 | ---D | C] -- C:\fah 2
[2010/08/29 15:30:53 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Elephant Games
[2010/08/23 23:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Funny Bear Studio
[2010/08/23 18:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diner Dash
[2010/08/23 17:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2010/08/22 23:40:53 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Enlightenus2SE_BFG
[2010/08/20 11:16:50 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Oberon Media
[2010/08/19 23:24:23 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\ERS Game Studios
[2010/08/19 20:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oberon Media
[2010/08/19 20:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2010/08/19 20:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
[2010/08/19 20:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Games
[2010/08/18 23:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Exorcist DS 1
[2010/08/17 23:40:17 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Boomzap
[2010/08/16 22:44:07 | 000,000,000 | ---D | C] -- C:\Users\harry\Documents\My Albums
[2010/08/16 22:44:07 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\ArcSoft
[2010/08/16 21:14:44 | 000,000,000 | ---D | C] -- C:\Anuman Interactive
[2010/08/16 21:11:22 | 000,000,000 | ---D | C] -- C:\CyberLink
[2010/08/16 21:10:48 | 000,000,000 | ---D | C] -- C:\Cartoonist
[2010/08/16 21:10:34 | 000,000,000 | ---D | C] -- C:\folding
[2010/08/16 21:09:52 | 000,000,000 | R--D | C] -- C:\My Videos
[2010/08/16 21:05:29 | 000,000,000 | ---D | C] -- C:\Users\harry\Documents\all folders for blog
[2010/08/16 21:04:20 | 000,000,000 | ---D | C] -- C:\Users\harry\Documents\brians bills
[2010/08/15 20:19:11 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL
[2010/08/15 20:19:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2010/08/12 22:44:58 | 000,000,000 | ---D | C] -- C:\epson
[2010/08/12 22:41:11 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\InstallShield
[2010/08/12 21:24:18 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Local\Diagnostics
[2010/08/12 21:23:09 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\EPSON
[2010/08/12 21:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2010/08/12 20:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010/08/12 20:52:46 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Local\ElevatedDiagnostics
[2010/08/12 20:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zeallsoft
[2010/08/11 16:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/11 16:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/11 16:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/08/11 00:03:24 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Playrix Entertainment
[2010/08/11 00:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fishdom Frosty Splash
[2010/08/09 22:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010/08/09 22:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2010/08/09 21:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BookWorm Deluxe
[2010/08/09 21:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MONOPOLY Build-a-lot
[2010/08/09 17:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/08/08 23:17:27 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\7Wonders
[2010/08/08 23:16:50 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Magic Match
[2010/08/08 23:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2010/08/08 22:34:06 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\IObit
[2010/08/08 21:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft
[2010/08/08 21:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeeGTs Games
[2010/08/08 21:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Build-A-Lot 4
[2010/08/08 21:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Build a Lot 5 Elizabethan Era
[2010/08/08 20:15:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Magic Match
[2010/08/08 20:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7 Wonders of the World
[2010/08/08 20:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feeding Frenzy
[2010/08/08 20:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zuma Deluxe
[2010/08/08 20:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Big Kahuna Reef
[2010/08/08 20:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Big Kahuna Reef 2 - Chain Reaction
[2010/08/08 20:08:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Teddy Factory
[2010/08/08 15:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2010/08/08 15:45:43 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2010/08/08 14:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2010/08/07 23:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOT
[2010/08/07 23:19:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/08/07 21:58:57 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Local\Microsoft Games
[2010/08/07 19:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/08/07 19:28:32 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\uTorrent
[2010/08/07 19:25:08 | 000,068,200 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/08/07 19:25:08 | 000,065,640 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/08/07 17:33:28 | 000,009,469 | ---- | C] (Leadtek Research Inc.) -- C:\Windows\SysWow64\drivers\WINFOXIO.sys
[2010/08/07 17:33:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WinFox
[2010/08/07 17:33:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WinFast
[2010/08/07 17:33:22 | 000,000,000 | ---D | C] -- C:\WinFastPVR
[2010/08/07 17:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/07 17:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/08/07 17:12:08 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/08/07 17:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/08/07 16:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/08/06 19:15:04 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\ScreenCapturePrint
[2010/08/05 21:25:19 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Malwarebytes
[2010/08/05 20:01:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/08/04 23:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/04 23:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/08/04 23:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/04 23:32:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/08/04 23:32:10 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/08/04 23:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/04 23:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/08/04 23:08:55 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Local\Yahoo
[2010/08/04 23:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2010/08/04 21:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/08/04 21:13:34 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Yahoo!
[2010/08/04 21:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/08/02 21:50:00 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Local\MigWiz
[2010/08/02 20:32:54 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Local\BuildAGadget Content
[2010/08/02 20:16:52 | 000,000,000 | ---D | C] -- C:\SUPERAntiSpyware
[2010/08/02 20:16:38 | 000,000,000 | ---D | C] -- C:\WhatPulse
[2010/08/02 20:16:25 | 000,000,000 | ---D | C] -- C:\WOT
[2010/08/02 20:14:52 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010/08/02 20:12:00 | 000,000,000 | ---D | C] -- C:\Folding@home
[2010/08/02 18:56:35 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\WhatPulse
[2010/08/02 18:44:59 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/01 21:20:11 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Local\Adobe
[2010/07/29 21:53:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/07/29 21:41:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/07/28 09:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Birdstep Technology
[2010/07/28 09:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/07/28 09:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/28 09:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010/07/28 09:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/07/28 09:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/07/28 09:03:00 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/28 09:01:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/28 09:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/07/28 09:00:46 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Local\Microsoft Help
[2010/07/28 09:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010/07/28 09:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/07/28 09:00:16 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/07/27 23:46:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/07/27 17:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/27 15:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/07/27 15:50:21 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Macromedia
[2010/07/27 15:50:21 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Adobe
[2010/07/27 15:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/07/27 15:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/07/27 15:42:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/07/27 15:41:51 | 000,242,176 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2010/07/27 15:41:51 | 000,193,024 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2010/07/27 15:41:51 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2010/07/27 15:41:51 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2010/07/27 15:41:51 | 000,076,288 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2010/07/27 15:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2010/07/27 15:41:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010/07/27 15:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/07/27 15:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/07/27 15:39:39 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/07/27 15:06:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/07/27 15:06:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/07/27 14:58:54 | 000,000,000 | R--D | C] -- C:\Users\harry\Searches
[2010/07/27 14:58:54 | 000,000,000 | -H-D | C] -- C:\Users\harry\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/27 14:58:44 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Identities
[2010/07/27 14:58:42 | 000,000,000 | R--D | C] -- C:\Users\harry\Contacts
[2010/07/27 14:58:41 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Local\VirtualStore
[2010/07/27 14:58:33 | 000,000,000 | --SD | C] -- C:\Users\harry\AppData\Roaming\Microsoft
[2010/07/27 14:58:33 | 000,000,000 | R--D | C] -- C:\Users\harry\Videos
[2010/07/27 14:58:33 | 000,000,000 | R--D | C] -- C:\Users\harry\Saved Games
[2010/07/27 14:58:33 | 000,000,000 | R--D | C] -- C:\Users\harry\Pictures
[2010/07/27 14:58:33 | 000,000,000 | R--D | C] -- C:\Users\harry\Music
[2010/07/27 14:58:33 | 000,000,000 | R--D | C] -- C:\Users\harry\Links
[2010/07/27 14:58:33 | 000,000,000 | R--D | C] -- C:\Users\harry\Favorites
[2010/07/27 14:58:33 | 000,000,000 | R--D | C] -- C:\Users\harry\Downloads
[2010/07/27 14:58:33 | 000,000,000 | R--D | C] -- C:\Users\harry\My Documents
[2010/07/27 14:58:33 | 000,000,000 | R--D | C] -- C:\Users\harry\Desktop
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\AppData\Local\Temporary Internet Files
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\Templates
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\Start Menu
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\SendTo
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\Recent
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\PrintHood
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\NetHood
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\Documents\My Videos
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\Documents\My Pictures
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\Documents\My Music
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\My Documents
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\Local Settings
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\AppData\Local\History
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\Cookies
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\Application Data
[2010/07/27 14:58:33 | 000,000,000 | -HSD | C] -- C:\Users\harry\AppData\Local\Application Data
[2010/07/27 14:58:33 | 000,000,000 | -H-D | C] -- C:\Users\harry\AppData
[2010/07/27 14:58:33 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Local\Temp
[2010/07/27 14:58:33 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Local\Microsoft
[2010/07/27 14:58:33 | 000,000,000 | ---D | C] -- C:\Users\harry\AppData\Roaming\Media Center Programs
[2010/07/27 14:56:25 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/07/27 14:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/27 14:47:32 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/27 14:47:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 90 Days ==========
[2010/09/07 19:08:13 | 001,572,864 | -HS- | M] () -- C:\Users\harry\NTUSER.DAT
[2010/09/07 19:06:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\harry\Desktop\OTL.exe
[2010/09/07 18:52:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/07 12:32:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/07 12:32:14 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/07 00:45:25 | 003,808,829 | -H-- | M] () -- C:\Users\harry\AppData\Local\IconCache.db
[2010/09/05 19:17:13 | 000,363,520 | ---- | M] () -- C:\Users\harry\Desktop\rkill.exe
[2010/09/05 19:15:04 | 003,837,097 | ---- | M] () -- C:\Users\harry\Desktop\ComboFix.exe
[2010/09/04 22:31:43 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/04 22:31:43 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/03 20:54:43 | 000,006,170 | ---- | M] () -- C:\ProgramData\Yahoo! Companion
[2010/08/28 23:19:50 | 000,000,000 | ---- | M] () -- C:\Windows\popcinfo.dat
[2010/08/28 20:34:56 | 000,001,294 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/08/28 19:52:33 | 000,001,939 | ---- | M] () -- C:\Users\harry\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/28 19:52:33 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/08/26 20:38:29 | 000,001,007 | ---- | M] () -- C:\Users\harry\Desktop\CCleaner.lnk
[2010/08/23 18:19:09 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/23 18:17:49 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Play Diner Dash.lnk
[2010/08/21 19:01:30 | 000,001,091 | ---- | M] () -- C:\Users\harry\Desktop\Fishdom - Shortcut.lnk
[2010/08/20 21:35:18 | 007,909,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/20 21:35:18 | 000,706,446 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010/08/20 21:35:18 | 000,705,470 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2010/08/20 21:35:18 | 000,703,208 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2010/08/20 21:35:18 | 000,701,124 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2010/08/20 21:35:18 | 000,687,974 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2010/08/20 21:35:18 | 000,655,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010/08/20 21:35:18 | 000,629,584 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2010/08/20 21:35:18 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/20 21:35:18 | 000,474,188 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2010/08/20 21:35:18 | 000,460,602 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2010/08/20 21:35:18 | 000,445,404 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2010/08/20 21:35:18 | 000,140,882 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2010/08/20 21:35:18 | 000,136,760 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2010/08/20 21:35:18 | 000,136,336 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2010/08/20 21:35:18 | 000,133,960 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010/08/20 21:35:18 | 000,133,360 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010/08/20 21:35:18 | 000,130,964 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2010/08/20 21:35:18 | 000,127,560 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2010/08/20 21:35:18 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/20 21:35:18 | 000,085,968 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2010/08/20 21:35:18 | 000,083,624 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2010/08/20 21:35:18 | 000,080,916 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2010/08/20 21:17:09 | 000,000,820 | ---- | M] () -- C:\Users\harry\Desktop\[MONOVA.ORG]_BigFishGames_-_Fishdom_Frosty_Splash_-_[FULL]_Duwan.lnk
[2010/08/19 21:58:53 | 000,002,011 | ---- | M] () -- C:\Users\harry\Desktop\Fishdom (2).lnk
[2010/08/19 20:52:53 | 000,002,018 | ---- | M] () -- C:\Users\harry\Desktop\Fishdom.lnk
[2010/08/19 20:52:53 | 000,001,192 | ---- | M] () -- C:\Users\harry\Desktop\MSN Games.lnk
[2010/08/19 19:33:44 | 000,001,272 | ---- | M] () -- C:\Users\harry\Desktop\Snipping Tool.lnk
[2010/08/15 22:35:33 | 000,001,038 | ---- | M] () -- C:\Users\harry\Desktop\Pictures - Shortcut.lnk
[2010/08/15 20:25:06 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\EPSON File Manager.lnk
[2010/08/15 20:19:44 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\PhotoImpression 5.lnk
[2010/08/15 20:17:32 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\ESPRX520 User's Guide.lnk
[2010/08/15 20:17:01 | 000,008,284 | ---- | M] () -- C:\Windows\SysWow64\eps_icon.avi
[2010/08/12 21:21:12 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss
[2010/08/11 20:03:25 | 000,001,822 | ---- | M] () -- C:\Users\harry\Desktop\Epson ESC-P-R - Shortcut.lnk
[2010/08/11 16:23:24 | 000,414,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/09 22:31:08 | 000,001,418 | ---- | M] () -- C:\Users\Public\Desktop\Bookworm Adventures Vol. 2.lnk
[2010/08/09 22:31:08 | 000,000,200 | ---- | M] () -- C:\Users\Public\Desktop\Play More Great Games!.url
[2010/08/09 21:30:36 | 000,001,056 | ---- | M] () -- C:\Users\harry\Desktop\BookWorm Deluxe.lnk
[2010/08/08 23:06:32 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2010/08/08 21:24:34 | 000,001,304 | ---- | M] () -- C:\Users\Public\Desktop\Buildalot2.exe.lnk
[2010/08/08 21:22:40 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Build-A-Lot 4.lnk
[2010/08/08 21:18:54 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Build a Lot 5 Elizabethan Era.lnk
[2010/08/08 20:16:02 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Play Magic Match.lnk
[2010/08/08 20:15:04 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\Play 7 Wonders of the World.lnk
[2010/08/08 20:13:34 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\Play Feeding Frenzy.lnk
[2010/08/08 20:12:33 | 000,001,928 | ---- | M] () -- C:\Users\Public\Desktop\Play Zuma Deluxe.lnk
[2010/08/08 20:11:37 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Play Big Kahuna Reef.lnk
[2010/08/08 20:10:44 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Play Big Kahuna Reef 2 - Chain Reaction.lnk
[2010/08/08 20:09:07 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Play Teddy Factory.lnk
[2010/08/08 14:13:56 | 000,000,027 | ---- | M] () -- C:\Windows\CDE RX520E.ini
[2010/08/07 19:28:47 | 000,000,967 | ---- | M] () -- C:\Users\harry\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/08/04 23:39:22 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/04 23:32:13 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/04 23:06:56 | 000,002,027 | ---- | M] () -- C:\Users\harry\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2010/08/04 23:06:56 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/08/04 19:06:14 | 000,000,801 | ---- | M] () -- C:\Users\harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home - Shortcut.lnk
[2010/07/29 21:56:23 | 000,109,240 | ---- | M] () -- C:\Users\harry\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/29 21:48:29 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/07/28 09:13:31 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/07/27 17:06:28 | 000,007,605 | ---- | M] () -- C:\Users\harry\AppData\Local\Resmon.ResmonCfg
[2010/07/27 15:50:37 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2010/07/27 15:32:34 | 000,001,437 | ---- | M] () -- C:\Users\harry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/27 15:07:52 | 000,524,288 | -HS- | M] () -- C:\Users\harry\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/27 15:07:52 | 000,524,288 | -HS- | M] () -- C:\Users\harry\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/27 15:07:52 | 000,065,536 | -HS- | M] () -- C:\Users\harry\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/27 15:02:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/27 14:58:59 | 000,001,443 | ---- | M] () -- C:\Users\harry\Desktop\Internet Explorer.lnk
[2010/07/27 14:58:33 | 000,000,020 | -HS- | M] () -- C:\Users\harry\ntuser.ini
[2010/07/27 14:57:14 | 000,000,003 | ---- | M] () -- C:\Windows\7Loader.TAG
[2010/07/27 14:54:00 | 000,040,251 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/27 14:54:00 | 000,040,251 | ---- | M] () -- C:\Windows\SysNative\license.rtf
========== Files Created - No Company Name ==========
[2010/09/05 19:17:06 | 000,363,520 | ---- | C] () -- C:\Users\harry\Desktop\rkill.exe
[2010/09/05 19:14:58 | 003,837,097 | ---- | C] () -- C:\Users\harry\Desktop\ComboFix.exe
[2010/09/03 20:54:44 | 000,006,170 | ---- | C] () -- C:\ProgramData\Yahoo! Companion
[2010/08/28 23:19:50 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/08/28 20:34:56 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/08/23 18:17:49 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Play Diner Dash.lnk
[2010/08/21 19:01:30 | 000,001,091 | ---- | C] () -- C:\Users\harry\Desktop\Fishdom - Shortcut.lnk
[2010/08/19 21:58:53 | 000,002,011 | ---- | C] () -- C:\Users\harry\Desktop\Fishdom (2).lnk
[2010/08/19 20:52:53 | 000,002,018 | ---- | C] () -- C:\Users\harry\Desktop\Fishdom.lnk
[2010/08/19 20:52:53 | 000,001,192 | ---- | C] () -- C:\Users\harry\Desktop\MSN Games.lnk
[2010/08/19 19:33:44 | 000,001,272 | ---- | C] () -- C:\Users\harry\Desktop\Snipping Tool.lnk
[2010/08/18 19:23:06 | 000,001,939 | ---- | C] () -- C:\Users\harry\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/08/15 22:35:33 | 000,001,038 | ---- | C] () -- C:\Users\harry\Desktop\Pictures - Shortcut.lnk
[2010/08/15 20:32:17 | 001,347,705 | ---- | C] () -- C:\Windows\Uninstallvusb.dll
[2010/08/15 20:25:06 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\EPSON File Manager.lnk
[2010/08/15 20:19:44 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\PhotoImpression 5.lnk
[2010/08/15 20:17:59 | 000,101,159 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/08/15 20:17:59 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/08/15 20:17:59 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/08/15 20:17:59 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/08/15 20:17:59 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/08/15 20:17:59 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/08/15 20:17:59 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/08/15 20:17:59 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/08/15 20:17:59 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/08/15 20:17:59 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/08/15 20:17:59 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/08/15 20:17:59 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/08/15 20:17:59 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/08/15 20:17:59 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/08/15 20:17:59 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/08/15 20:17:59 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/08/15 20:17:59 | 000,000,099 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/08/15 20:17:58 | 000,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2010/08/15 20:17:58 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg
[2010/08/15 20:17:58 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2010/08/15 20:17:58 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2010/08/15 20:17:58 | 000,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg
[2010/08/15 20:17:58 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
-
OTL Extras logfile created on: 07/09/2010 19:07:46 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\harry\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 76.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 427.83 Gb Free Space | 91.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 72.12 Gb Total Space | 46.04 Gb Free Space | 63.84% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HARRY-PC
Current User Name: harry
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1A292D38-BFA3-4132-9704-D9C94B7436B9}" = Build-a-lot 2 - Town of the Year
"{1D2E8198-25CE-4901-B8EB-8587185C5776}" = BT Voyager USB Driver
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115224440}" = Fishdom
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{F19D07BC-6240-49D3-BA5C-59B015DF8916}" = EPSON Easy Photo Print
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Belarc Advisor" = Belarc Advisor 8.1
"BFG-7 Wonders of the World" = 7 Wonders of the World
"BFG-Big Kahuna Reef" = Big Kahuna Reef
"BFG-Big Kahuna Reef 2 - Chain Reaction" = Big Kahuna Reef 2 - Chain Reaction
"BFGC" = Big Fish Games: Game Manager
"BFG-Diner Dash" = Diner Dash
"BFG-Feeding Frenzy" = Feeding Frenzy
"BFG-Magic Match" = Magic Match
"BFG-Teddy Factory" = Teddy Factory
"BFG-Zuma Deluxe" = Zuma Deluxe
"Bookworm Adventures Vol. 2" = Bookworm Adventures Vol. 2
"BookWorm Deluxe" = BookWorm Deluxe
"Build a Lot 5 Elizabethan Era1.0" = Build a Lot 5 Elizabethan Era
"Build-A-Lot 4" = Build-A-Lot 4
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8 D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESPRX520 User's Guide" = ESPRX520 User's Guide
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"uTorrent" = µTorrent
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04/09/2010 13:06:27 | Computer Name = harry-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MpCmdRun.exe, version: 2.1.6805.0, time
stamp: 0x4bac57f2 Faulting module name: mssewat.dll, version: 1.0.1963.0, time stamp:
0x4c058b73 Exception code: 0xc0000005 Fault offset: 0x00000000000045a4 Faulting process
id: 0x834 Faulting application start time: 0x01cb4c5382a18a94 Faulting application
path: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe Faulting module
path: C:\Program Files\Microsoft Security Essentials\mssewat.dll Report Id: c0b49b8c-b846-11df-8a1b-0025224c866e
Error - 04/09/2010 13:16:25 | Computer Name = harry-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MpCmdRun.exe, version: 2.1.6805.0, time
stamp: 0x4bac57f2 Faulting module name: mssewat.dll, version: 1.0.1963.0, time stamp:
0x4c058b73 Exception code: 0xc0000005 Fault offset: 0x00000000000045a4 Faulting process
id: 0x4f8 Faulting application start time: 0x01cb4c54e74cda83 Faulting application
path: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe Faulting module
path: C:\Program Files\Microsoft Security Essentials\mssewat.dll Report Id: 25303c73-b848-11df-8a1b-0025224c866e
Error - 04/09/2010 17:16:40 | Computer Name = harry-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MpCmdRun.exe, version: 2.1.6805.0, time
stamp: 0x4bac57f2 Faulting module name: mssewat.dll, version: 1.0.1963.0, time stamp:
0x4c058b73 Exception code: 0xc0000005 Fault offset: 0x00000000000045a4 Faulting process
id: 0x704 Faulting application start time: 0x01cb4c76753b7978 Faulting application
path: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe Faulting module
path: C:\Program Files\Microsoft Security Essentials\mssewat.dll Report Id: b4eb0142-b869-11df-a6ae-0025224c866e
Error - 04/09/2010 17:26:38 | Computer Name = harry-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MpCmdRun.exe, version: 2.1.6805.0, time
stamp: 0x4bac57f2 Faulting module name: mssewat.dll, version: 1.0.1963.0, time stamp:
0x4c058b73 Exception code: 0xc0000005 Fault offset: 0x00000000000045a4 Faulting process
id: 0x9f8 Faulting application start time: 0x01cb4c77daca79fa Faulting application
path: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe Faulting module
path: C:\Program Files\Microsoft Security Essentials\mssewat.dll Report Id: 19a10bc6-b86b-11df-a6ae-0025224c866e
Error - 05/09/2010 09:03:50 | Computer Name = harry-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MpCmdRun.exe, version: 2.1.6805.0, time
stamp: 0x4bac57f2 Faulting module name: mssewat.dll, version: 1.0.1963.0, time stamp:
0x4c058b73 Exception code: 0xc0000005 Fault offset: 0x00000000000045a4 Faulting process
id: 0x6c0 Faulting application start time: 0x01cb4cfac71c5990 Faulting application
path: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe Faulting module
path: C:\Program Files\Microsoft Security Essentials\mssewat.dll Report Id: 066ee5a4-b8ee-11df-9e6b-0025224c866e
Error - 05/09/2010 09:13:58 | Computer Name = harry-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MpCmdRun.exe, version: 2.1.6805.0, time
stamp: 0x4bac57f2 Faulting module name: mssewat.dll, version: 1.0.1963.0, time stamp:
0x4c058b73 Exception code: 0xc0000005 Fault offset: 0x00000000000045a4 Faulting process
id: 0x954 Faulting application start time: 0x01cb4cfc31e3267d Faulting application
path: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe Faulting module
path: C:\Program Files\Microsoft Security Essentials\mssewat.dll Report Id: 70d8b6db-b8ef-11df-9e6b-0025224c866e
Error - 06/09/2010 14:16:22 | Computer Name = harry-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MpCmdRun.exe, version: 2.1.6805.0, time
stamp: 0x4bac57f2 Faulting module name: mssewat.dll, version: 1.0.1963.0, time stamp:
0x4c058b73 Exception code: 0xc0000005 Fault offset: 0x00000000000045a4 Faulting process
id: 0x7e0 Faulting application start time: 0x01cb4def9ac123e4 Faulting application
path: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe Faulting module
path: C:\Program Files\Microsoft Security Essentials\mssewat.dll Report Id: d9d8152e-b9e2-11df-8773-0025224c866e
Error - 06/09/2010 14:26:20 | Computer Name = harry-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MpCmdRun.exe, version: 2.1.6805.0, time
stamp: 0x4bac57f2 Faulting module name: mssewat.dll, version: 1.0.1963.0, time stamp:
0x4c058b73 Exception code: 0xc0000005 Fault offset: 0x00000000000045a4 Faulting process
id: 0xf54 Faulting application start time: 0x01cb4df100193460 Faulting application
path: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe Faulting module
path: C:\Program Files\Microsoft Security Essentials\mssewat.dll Report Id: 3e5bf460-b9e4-11df-8773-0025224c866e
Error - 07/09/2010 07:32:31 | Computer Name = harry-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MpCmdRun.exe, version: 2.1.6805.0, time
stamp: 0x4bac57f2 Faulting module name: mssewat.dll, version: 1.0.1963.0, time stamp:
0x4c058b73 Exception code: 0xc0000005 Fault offset: 0x00000000000045a4 Faulting process
id: 0x9b4 Faulting application start time: 0x01cb4e805b6fe4d2 Faulting application
path: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe Faulting module
path: C:\Program Files\Microsoft Security Essentials\mssewat.dll Report Id: 99b5072c-ba73-11df-9fed-0025224c866e
Error - 07/09/2010 07:42:30 | Computer Name = harry-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MpCmdRun.exe, version: 2.1.6805.0, time
stamp: 0x4bac57f2 Faulting module name: mssewat.dll, version: 1.0.1963.0, time stamp:
0x4c058b73 Exception code: 0xc0000005 Fault offset: 0x00000000000045a4 Faulting process
id: 0xf9c Faulting application start time: 0x01cb4e81bfd3fa80 Faulting application
path: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe Faulting module
path: C:\Program Files\Microsoft Security Essentials\mssewat.dll Report Id: fe9ea08a-ba74-11df-9fed-0025224c866e
[ System Events ]
Error - 02/09/2010 08:29:18 | Computer Name = harry-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 02/09/2010 12:07:58 | Computer Name = harry-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 02/09/2010 18:34:13 | Computer Name = harry-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 03/09/2010 13:33:18 | Computer Name = harry-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 03/09/2010 14:00:35 | Computer Name = harry-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 04/09/2010 13:06:04 | Computer Name = harry-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 04/09/2010 17:16:23 | Computer Name = harry-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 05/09/2010 09:03:33 | Computer Name = harry-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 06/09/2010 14:16:07 | Computer Name = harry-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 07/09/2010 07:32:13 | Computer Name = harry-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
< End of report >
-
The only things I can see are a couple of errors caused by MSE
Error - 04/09/2010 13:06:27 | Computer Name = harry-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MpCmdRun.exe, version: 2.1.6805.0, time
stamp: 0x4bac57f2 Faulting module name: mssewat.dll, version: 1.0.1963.0, time stamp:
0x4c058b73 Exception code: 0xc0000005 Fault offset: 0x00000000000045a4 Faulting process
id: 0x834 Faulting application start time: 0x01cb4c5382a18a94 Faulting application
path: C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe Faulting module
path: C:\Program Files\Microsoft Security Essentials\mssewat.dll
and this:
Error - 02/09/2010 08:29:18 | Computer Name = harry-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
I'd like to scan your machine with ESET OnlineScan
• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
• Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
• Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
• Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
• Accept any security warnings from your browser.
• Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
• Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
• Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
thanks dave, results as follows
C:\Users\harry\Downloads\Awakening The Dreamless Castle (aka The Enchanted Castle) - HOG - Cracked\DreamCastle.exe multiple threats deleted - quarantined
E:\HARRY-PC\Backup Set 2010-08-19 220146\Backup Files 2010-08-19 220146\Backup files 4.zip multiple threats deleted - quarantined
-
You never did say what your problems were with your computer. Is it working any better?
-
ok, I cannot get into my e-mail account no matter what I try. It's yahoo.co.uk, it wants me to go to .com, it says my name and password are wrong, so I thought there might be something in there changing things
all the web pages I open are normal, but with Yahoo it's a half page and will not go bigger. Also I do not have any task bar or toolbars showing, that's about it
broni is waiting for me to finish here with all the virus checks and then he will help me check out Win7, maybe the fault is in there, harry
-
the tool and task bars seem to be back to normal, it's just the e-mail sign in now
-
Harry
What browser are we talking about here?
Did you try a different browser?
-
you mean yahoo
-
Harry
I have no idea what Yahoo browser is.
I recall, some time in the past, some ISPs were providing some Yahoo browser, which was just ISP branded IE6, but I have no clue about its current status.
Why don't you use IE, or Firefox?
-
sorry, I use IE8
-
Close IE.
Go Start>All Programs>Accessories>System Tools, and click on Internet Explorer (no add-ons). Same thing?
Also, try Firefox and see if you have the same issues there.
-
this is what came up below
Internet Explorer is currently running without add-ons
All Internet Explorer add-ons, such as ActiveX controls or toolbars, are turned off. Some webpages might not display correctly.
To continue to your home page, click the Home button.
To browse using add-ons, close Internet Explorer and then start it again.
Check for the latest Windows updates.
How do browser add-ons affect my browsing experience?
-
Don't worry about it now.
Can you access your mail while running IE with no add-ons?
-
no access, this is what I see
caps lock is off
Try the following hints.
Is the "Caps Lock" or "A" light on your keyboard on?
If so, hit "Caps Lock" key before trying again.
Did you forget or misspell your ID or password?
You can recover your ID and/or password by confirming your private information.
Still having trouble?
Try sign-in help.
Did you forget to include your full Yahoo! ID?
If so, please remember to use your full Yahoo! ID (e.g. [email protected]) to sign in.
Is this your sign-in seal? If it isn't, make sure you're on a legitimate Yahoo! web site.
can't change settings or get into yahoo forum as it needs my e-mail sign in
Change Sign-in Settings
What's this?
Sign in
to Yahoo!
Login Form
Invalid ID or password.
Please try again using your full Yahoo! ID.
Yahoo! ID
(e.g. [email protected])
Password
Keep me signed in
(Uncheck if on a shared computer)
Sign In
CAPS LOCK is On.
Your Yahoo! password is case sensitive.
I cannot access my account. | Help
Don't have a Yahoo! ID?
Create New Account
-
Harry
See if you can access your mail through Firefox.
If still no go, restart the computer in Safe Mode with Networking and see how it goes there.
-
broni, nothing worked :( do you think I should ring Yahoo? I have their freephone number here in N. Ireland, or is there something else to try, harry
-
You can give it a shot...
-
ok, I'll let you know what the result is
-
broni, I got the problem, I was in touch with Yahoo in the States and they stopped my account, don't know why, so I opened up a new one and all is fine. The only thing is I have lost all my contacts in my address book
-
Unfortunately, I have no idea how to get your address book back in case of Yahoo mail :(
-
ok broni and thanks for your help