Computer not responding

P

poolwizard

Member
I recently installed a patch for a game, and then restarted my computer. Afterwards, after i booted my computer, it loaded fine onto the desktop, where it then started freezing and unresponding. Most of the icons in the bottom right in the taskbar never loaded, only my Avast opens and occasionally Advanced System Care, when i restart. I open Mozilla Firefox and it takes some time, where it then opens onto my Homepage: Google and freezes completely. All i can do is click Start. Opening My Computer is fine, but other programs causes my computer to freeze. I have done several system restores, back to when i never installed the patch, but it doesn't seem to work. :mad:

I was unsure how to install the patch and got a friend to help me on Teamviewer, could that be an issue? And could this be a virus/malware?

Thanks for your time,
Poolwizard
 

My Computer

System One

  • Manufacturer/Model
    Compaq Presario
    CPU
    AMD Phenom-64 8750 (2.4GHz)
    Memory
    2814 MB ram
    Graphics Card(s)
    NVIDIA Geforce 9400
    Monitor(s) Displays
    Generic PnP monitor
    Screen Resolution
    1024 X 768
Make a full anti virus scan
Download and make a full scan with malwarebytes.
Then report back with the results.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
richc46 said:
Make a full anti virus scan
Download and make a full scan with malwarebytes.
Then report back with the results.
Click to expand...
in safe mode?
 

My Computer

System One

  • Manufacturer/Model
    Compaq Presario
    CPU
    AMD Phenom-64 8750 (2.4GHz)
    Memory
    2814 MB ram
    Graphics Card(s)
    NVIDIA Geforce 9400
    Monitor(s) Displays
    Generic PnP monitor
    Screen Resolution
    1024 X 768

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
Hello poolwizard and welcome to the forums :party:

Can you do the following for me please?

CKScanner

Please download CKScanner from here to your Desktop.

Make sure that CKScanner.exe is on the your Desktop before running the application!

Double-click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved
Attach the log CKFiles.txt that has been created on your desktop with your next post

Malwarebytes Anti-Malware

Download and install MBAM from here
Run a full scan and attach the log with your next post for me to analyse

OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
ok, i think this prlblem that i posted is gone, but when i open my computer, as it gets the to desktop, it just freezes for about 1 minute, where my internet connection has an X over it, and it eventually turns to the globe, and one icon on my desktop is blank, then eventually loads. I opened my internet to watch something on Youtube, where my computer froze again, yet the soubd on youtube was still playing, got any ideas on whats going on?
 

My Computer

System One

  • Manufacturer/Model
    Compaq Presario
    CPU
    AMD Phenom-64 8750 (2.4GHz)
    Memory
    2814 MB ram
    Graphics Card(s)
    NVIDIA Geforce 9400
    Monitor(s) Displays
    Generic PnP monitor
    Screen Resolution
    1024 X 768
i did the OTL scan, heres the things in the notepad:

OTL:

OTL logfile created on: 03/08/2011 11:51:28 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Alex Liu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 73.55% Memory free
5.72 Gb Paging File | 5.19 Gb Available in Paging File | 90.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.40 Gb Total Space | 199.62 Gb Free Space | 67.35% Space Free | Partition Type: NTFS
Drive D: | 288.34 Gb Total Space | 279.87 Gb Free Space | 97.06% Space Free | Partition Type: NTFS
Drive Z: | 11.43 Gb Total Space | 0.50 Gb Free Space | 4.38% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex Liu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alex Liu\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Alex Liu\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FastUserSwitchingCompatibility) -- C:\Windows\Installer\AMDEx.msi ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdvancedSystemCareService) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (EagleXNt) -- C:\Windows\System32\drivers\EagleXNt.sys (AhnLab, Inc.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = %s - Crawler.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {1E315374-71A5-471A-B683-4C4ADB5C588B} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1203
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.7896
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\ALEXLI~1\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/24 09:43:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/16 16:05:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/15 01:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 17:14:57 | 000,000,000 | ---D | M]

[2010/10/06 16:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Extensions
[2010/07/06 19:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/06 16:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/02 11:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions
[2010/08/14 14:58:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/02 15:13:08 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/07/06 11:53:44 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/07/02 12:47:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/07/21 00:16:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/08 20:14:39 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/08/14 14:58:37 | 000,000,000 | ---D | M] (Chromifox Extreme) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\cfxe@Triton
[2010/08/14 14:58:54 | 000,000,000 | ---D | M] (Chromifox Companion) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\cfxHelper@Triton
[2010/07/06 19:52:53 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\[email protected]
[2011/07/02 12:47:44 | 000,000,000 | ---D | M] (Tab Scope) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\[email protected]
[2010/12/04 14:33:35 | 000,001,540 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\searchplugins\swagbuckscom.xml
[2011/08/02 11:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/23 01:29:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/22 17:14:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/06 23:44:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/13 00:35:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/16 16:05:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/06/22 17:14:54 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/06/22 17:14:54 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2011/06/22 17:14:56 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/06/07 12:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/06/26 08:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 08:47:04 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2010/06/26 08:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2007/07/26 14:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010/06/26 08:47:04 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2010/06/26 08:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 08:47:04 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/06/26 08:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/06/26 08:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 111222.cn (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([kan] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([tvguide] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([vodguide] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([notice] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.net (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstv.com (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstv.net (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{79990606-014d-11e0-ab63-00248c4b7693}\Shell - "" = AutoRun
O33 - MountPoints2\{79990606-014d-11e0-ab63-00248c4b7693}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\{9a487b14-d159-11df-be1d-00248c4b7693}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{d12b056f-72a3-11e0-a691-00248c4b7693}\Shell - "" = AutoRun
O33 - MountPoints2\{d12b056f-72a3-11e0-a691-00248c4b7693}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 11:32:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/29 11:56:10 | 000,484,064 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\EagleXNt.sys
[2011/07/28 01:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/07/25 16:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011/07/25 16:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2011/07/24 17:53:25 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\Documents\RSBot
[2011/07/23 01:29:48 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Roaming\Skype
[2011/07/23 01:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/23 01:29:14 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/23 01:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/07/15 15:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/07/15 15:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Left 4 Dead 2
[2011/07/14 21:10:50 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\{fd08e1bd-ba42-4c5d-8213-8797fd5f5dc5}
[2011/07/14 21:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/07/14 21:08:36 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Roaming\SystemRequirementsLab
[2011/07/13 18:05:42 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Local\{CFE71322-034E-4A8A-9163-6BF7FF5FA11A}
[2011/07/13 05:53:39 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/13 05:53:37 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/13 05:53:37 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/07/09 13:12:52 | 000,839,680 | ---- | C] (www) -- C:\Windows\System32\LameACM.acm
[2011/07/06 14:22:01 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Local\{78E34C42-C29B-450F-AFAB-9D609C99DBCA}
[2011/07/06 12:17:26 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Local\NVIDIA Corporation
[2011/07/06 12:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA nTune Performance Application
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 11:48:00 | 000,612,604 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/03 11:48:00 | 000,109,322 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/03 11:46:56 | 000,459,264 | ---- | M] () -- C:\Users\Alex Liu\Desktop\CKScanner.exe
[2011/08/03 11:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/03 11:35:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 11:35:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 11:31:35 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/08/03 11:30:04 | 000,000,129 | ---- | M] () -- C:\Users\Alex Liu\jagex_runescape_preferences2.dat
[2011/08/03 11:26:47 | 000,000,046 | ---- | M] () -- C:\Users\Alex Liu\jagex_runescape_preferences.dat
[2011/08/03 03:08:30 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011/08/01 22:32:29 | 000,484,064 | ---- | M] (AhnLab, Inc.) -- C:\Windows\System32\drivers\EagleXNt.sys
[2011/07/30 11:35:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/28 19:48:20 | 000,000,010 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy Login.ini
[2011/07/25 16:16:41 | 000,000,088 | ---- | M] () -- C:\Users\Alex Liu\Documents\www.ahk
[2011/07/25 16:14:15 | 000,000,187 | ---- | M] () -- C:\Users\Alex Liu\Documents\sss.ahk
[2011/07/25 16:13:43 | 000,001,351 | ---- | M] () -- C:\Users\Alex Liu\Documents\AutoHotkey.ahk
[2011/07/25 13:23:41 | 000,000,090 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy_poolwizard.ini
[2011/07/25 01:33:04 | 000,012,800 | ---- | M] () -- C:\Users\Alex Liu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 18:34:16 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/24 17:54:10 | 000,000,034 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\RSBot_Accounts.ini
[2011/07/23 16:50:28 | 327,961,402 | ---- | M] () -- C:\Users\Alex Liu\Documents\clip0002.avi
[2011/07/23 16:48:48 | 321,242,210 | ---- | M] () -- C:\Users\Alex Liu\Documents\clip0001.avi
[2011/07/16 16:15:04 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/16 16:15:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/07/14 19:59:46 | 000,420,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/12 18:53:45 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/09 13:13:22 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\CAE Report Generator.lnk
[2011/07/09 13:12:58 | 000,067,863 | ---- | M] () -- C:\Windows\System32\x264vfw-uninstall.exe
[2011/07/08 17:00:06 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/07/04 12:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 11:46:56 | 000,459,264 | ---- | C] () -- C:\Users\Alex Liu\Desktop\CKScanner.exe
[2011/08/03 11:32:07 | 000,001,778 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/28 19:48:20 | 000,000,010 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy Login.ini
[2011/07/25 16:16:41 | 000,000,088 | ---- | C] () -- C:\Users\Alex Liu\Documents\www.ahk
[2011/07/25 16:14:15 | 000,000,187 | ---- | C] () -- C:\Users\Alex Liu\Documents\sss.ahk
[2011/07/25 16:13:43 | 000,001,351 | ---- | C] () -- C:\Users\Alex Liu\Documents\AutoHotkey.ahk
[2011/07/25 13:23:41 | 000,000,090 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy_poolwizard.ini
[2011/07/24 17:54:02 | 000,000,034 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\RSBot_Accounts.ini
[2011/07/23 16:49:13 | 327,961,402 | ---- | C] () -- C:\Users\Alex Liu\Documents\clip0002.avi
[2011/07/23 16:47:30 | 321,242,210 | ---- | C] () -- C:\Users\Alex Liu\Documents\clip0001.avi
[2011/07/23 01:29:21 | 000,002,337 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/16 16:15:04 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/12 18:53:45 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/09 13:12:52 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011/05/07 23:45:38 | 000,046,658 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\room.dat
[2011/05/07 17:58:05 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/04/10 16:06:14 | 000,012,800 | ---- | C] () -- C:\Users\Alex Liu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 21:30:29 | 000,009,784 | -HS- | C] () -- C:\Users\Alex Liu\AppData\Local\5tp0jtoe6u6hrfanp5a74iam6f2067y4l
[2011/04/09 21:30:29 | 000,009,784 | -HS- | C] () -- C:\ProgramData\5tp0jtoe6u6hrfanp5a74iam6f2067y4l
[2011/04/09 21:30:09 | 000,004,152 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\BFB0.551
[2011/02/26 00:57:00 | 000,000,019 | ---- | C] () -- C:\Windows\powerlist.ini
[2011/02/23 16:43:47 | 000,000,306 | ---- | C] () -- C:\Windows\powerplayer.ini
[2011/02/23 16:43:47 | 000,000,116 | ---- | C] () -- C:\Windows\psnetwork.ini
[2011/02/02 17:41:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/30 17:58:02 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011/01/07 18:33:55 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/07 18:33:55 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/01/07 18:33:49 | 000,067,863 | ---- | C] () -- C:\Windows\System32\x264vfw-uninstall.exe
[2010/09/11 16:29:54 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010/08/17 22:21:02 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2010/08/17 22:21:02 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/08/17 22:20:52 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/08/03 23:38:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/03 23:37:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/14 07:55:38 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/06 19:50:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/06 19:46:13 | 000,000,680 | ---- | C] () -- C:\Users\Alex Liu\AppData\Local\d3d9caps.dat
[2010/07/06 19:42:45 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010/02/17 07:44:36 | 000,014,848 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2010/02/17 07:44:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 07:35:54 | 002,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/03/17 12:05:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/17 05:00:23 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2009/03/17 04:26:26 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/03/17 04:26:26 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,420,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,612,604 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,322 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/09/06 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\CAE_Report_Generator
[2011/01/30 17:23:25 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\Canon
[2011/07/16 19:28:37 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\EpicBot
[2011/05/28 12:33:39 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\GameRanger
[2011/04/26 09:18:28 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\ijjigame
[2011/07/28 01:59:52 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\IObit
[2010/10/28 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\Leadertech
[2011/01/30 20:07:41 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\muvee Technologies
[2011/04/07 22:49:20 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\PPLive
[2011/04/07 23:21:50 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\PPStream
[2011/02/15 23:44:27 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\RoboForm
[2011/03/23 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\Spyware Terminator
[2011/07/17 00:58:48 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\SystemRequirementsLab
[2011/08/03 11:48:02 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\TeraCopy
[2010/10/06 16:23:56 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\TomTom
[2011/06/17 07:39:56 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\uTorrent
[2010/07/07 17:19:26 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\WinBatch
[2011/05/21 16:16:22 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\WinFF
[2011/08/03 03:08:30 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job
[2011/07/08 17:00:06 | 000,000,296 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job
[2011/05/12 15:55:41 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/08/03 03:17:24 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Extras:


OTL Extras logfile created on: 03/08/2011 11:51:28 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Alex Liu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 73.55% Memory free
5.72 Gb Paging File | 5.19 Gb Available in Paging File | 90.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.40 Gb Total Space | 199.62 Gb Free Space | 67.35% Space Free | Partition Type: NTFS
Drive D: | 288.34 Gb Total Space | 279.87 Gb Free Space | 97.06% Space Free | Partition Type: NTFS
Drive Z: | 11.43 Gb Total Space | 0.50 Gb Free Space | 4.38% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex Liu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ECB1E6-C7DA-4EB4-AB0E-EDB27450A405}" = lport=45682 | protocol=6 | dir=in | name=utorrent fast dl speed 456 |
"{04298C5D-585D-4FE2-A264-2D77D4B46F22}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0B082FA7-2271-4785-959F-931F0388167C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{0EF2EC94-0C3A-4A3E-B1F8-C2B8665FB0A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{0FBD4740-D5BB-4E84-83BA-F691FD500653}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{152AAA7B-7431-4D3A-85DB-BFE9143E5C8F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{1B30FA79-AF97-4D5A-8851-E68853318EDA}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E7BAA91-9539-4B43-916A-590CD5B63172}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{2395BF87-C69B-4858-ADE5-985A68905AE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2813E387-298F-4F47-9487-2ABA69157035}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2AFF6F63-8DB2-43AA-AC51-52582D0B4987}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{33652882-7158-4328-9FDA-B5997C2E38B0}" = rport=137 | protocol=17 | dir=out | app=system |
"{3E601F71-A1B4-4CB5-A14E-F9C800BEE803}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{40A33D9C-5BB7-4EAB-B350-DC4113771B70}" = lport=138 | protocol=17 | dir=in | app=system |
"{40F4F03F-0F55-468A-B94F-530DBBA9ADAB}" = lport=45682 | protocol=17 | dir=in | name=utorrent fast dl speed 456 |
"{4B10A00C-4926-4063-9A12-7409373F2D10}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4B6D1421-1B3D-4476-A1F9-70A4C1324724}" = lport=138 | protocol=17 | dir=in | app=system |
"{4CC0CEAF-7EB8-472E-A397-470BBF848C2A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{581D0942-321F-49EF-8A89-34F6253303BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{5D5B3500-0249-4190-B1CE-598AFAEECD6C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{63CB72B4-3CDC-4CCF-A47A-F59CB7A93A76}" = lport=5358 | protocol=6 | dir=in | app=system |
"{78847704-3D25-4EEA-AD83-3AFB47B0CC35}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{87B295AD-A84D-4618-B165-56C53304506D}" = lport=139 | protocol=6 | dir=in | app=system |
"{89F51377-DCAA-4E32-AD5A-443C8B56193E}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A59BDC5-9C39-4B2F-AC17-E655B5979B98}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97791781-45C4-4DDE-BA81-CF87B68197A4}" = rport=5358 | protocol=6 | dir=out | app=system |
"{A5EA6027-6DEC-4FC1-98EF-8839D4E7ED15}" = lport=5357 | protocol=6 | dir=in | app=system |
"{B543BF3A-F1B1-406C-A535-48CEE6D24331}" = rport=139 | protocol=6 | dir=out | app=system |
"{C9615D0F-FBEF-47D9-BCCE-C88BCFDD8AB1}" = lport=137 | protocol=17 | dir=in | app=system |
"{CC289D70-D000-4EB0-8B16-2CF11BBBB313}" = rport=137 | protocol=17 | dir=out | app=system |
"{DEED6D8A-F8F4-41F8-8EAE-58AEFF5F301F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E97E3D94-AA54-4C06-ABDA-C75F10146DCB}" = rport=138 | protocol=17 | dir=out | app=system |
"{EA8A4483-FB78-49B1-83BA-26223EDC509F}" = rport=445 | protocol=6 | dir=out | app=system |
"{F29E5B14-759D-4BF2-BD72-5F05B616E2F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{FD32F624-0DFE-4A6E-AFF7-F01B1C59B1BA}" = rport=5357 | protocol=6 | dir=out | app=system |
"{FE1DA784-6121-4188-B275-6E891228F926}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F79167-3E36-46A6-80DF-7209C62C9525}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{0A7C3FBC-23F3-4039-8CF6-7E5205FCC39D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0C278299-1876-4A05-9069-C9891C641616}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{16BA9FE1-7C73-4B13-909D-DBDB39B04163}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{16C11291-0F2E-44EF-98B3-20AB0B555B84}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{17F90C47-71FE-405C-9E67-7988610C03A4}" = protocol=6 | dir=out | app=system |
"{2E8C56D5-3DC2-4CFC-AF51-243B438FAEC3}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{37489F24-A5D6-45CE-B9D6-A61BD79133BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{3910B69C-F5FF-4F8E-A9F0-2A9397E1131B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3CC2EB98-306F-4257-A597-37506E2BB08B}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{3D87B443-A08A-4654-8A5B-4DD12AC12D76}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{3E5C907C-D1F3-4405-8703-EC053784F8BB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{45DA34FE-1A13-49C2-93E2-A512EBDD3C40}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\combatarms.exe |
"{48C57F4F-D89B-4AEF-96CE-C273F112167C}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{5004926E-EDC6-4E62-AAFD-C636C53B7068}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{5171AD13-933E-43DA-B9B0-A3A62A904063}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{56630BA3-67BB-46D8-AC5B-4561C1AF41F7}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{57C92EAF-4FAC-472E-B26E-66F2CF593478}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{58CCABCE-2FE5-435D-82FB-1EB07B80BD4E}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{5AB11638-F5E4-4F25-ADCF-ED974E9BF141}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6835DE15-E11F-4C9D-8090-BC5277960673}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{69BB76D1-D6BE-4E48-9EA6-BD0405C14D71}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{6D5075E4-AE85-48D3-BB8B-5812B7A355E7}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{746C3747-CC26-4CF2-A6F8-7A338F8CBCE2}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{81C26EFB-6950-443D-8E88-A303F70C79A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8B0B2E06-19F0-4085-9F79-2CBBC905086D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{934E08E6-A6D4-4463-9683-309EA1A5516C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{94F46DAF-507A-4087-916A-C40433F0E939}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{97071492-EA9C-4720-AB9E-2C6BE7E98E19}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{97279D71-4916-45D0-9A65-5EAF92CBA268}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{A0298182-8882-4BDA-9BB2-1885A4E3C7EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AA27A728-C7DC-406B-BA41-675425ED2E46}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AB7331E6-5A3B-430A-9B7D-47E91B920144}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C80441E1-A0D6-4E57-A0E6-263C69F7C1B8}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{D38C23DF-009E-41C0-A4A8-D4EE2A391FAF}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{D7BE8FBC-3120-4C28-B647-3C7098115924}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{DACBDC6D-9D52-48D7-B14E-F5914BFEB359}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{DF476873-C749-4A46-A91A-7BD7E91D6A6F}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{DF5E623B-127C-4621-B88C-A20F56806045}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E846130B-2692-46CE-BA31-089C636FF7A3}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\combatarms.exe |
"{F7773322-7CAE-41ED-BC87-EC50313E912F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F9E91079-6C0E-4054-BEB7-A7CFD9851DEA}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{FAAFA4F8-A9BB-4D11-BC34-F87320F5B3B3}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"TCP Query User{05133DF5-596F-4E2C-9D7E-84D9AE5BA8C9}C:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"TCP Query User{0F994954-C87E-4152-9E73-17F7D85CA8F5}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"TCP Query User{1BF59AAE-F611-4133-98D3-674F017024AF}C:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe |
"TCP Query User{1E60B82A-111A-44C2-A4EC-3AFAAD64D833}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{36CA3F61-4BF8-45FE-B604-29311EEBC53C}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{58D19E61-E121-4123-A50C-272070BF9888}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{5EE7CF08-A869-4203-83B3-5203B475CC2D}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{673BE8B2-FB0E-4322-A7F8-A1B042A30E37}C:\program files\windows media player\wmplayer.exe" = protocol=6 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"TCP Query User{7512CED8-C77A-4528-B6DF-A1994A5CB9C9}C:\program files\jghdtv\kernel\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\kernel\pplive\pplive.exe |
"TCP Query User{8437E410-27A6-47DD-8C6A-6F7DF91F0D4E}C:\program files\jghdtv\jghdtv.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\jghdtv.exe |
"TCP Query User{893A8BB8-63A3-4A72-BD2E-5AB72C50E2F2}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{93134232-F9EA-4342-AC1A-31FD2762693C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{94DAB03C-4E46-4B9A-AB2F-609BCE5D38E1}C:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{9F0EC9CA-D3CB-41FE-AD5E-EE59E4C8EEE4}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{A2C18269-8655-4753-8B7F-10947A9295AD}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{BC291EA5-51B9-4FBA-B87F-4BDB01798839}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C044AC80-0D85-45B1-8E24-833B7FC6B4D9}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{C332089F-1FD5-41BB-AEE1-17531A6809F0}C:\program files\jghdtv\kernel\pipi\jfcachemgr.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\kernel\pipi\jfcachemgr.exe |
"TCP Query User{C89280C3-661E-4C28-87B7-AA6E57FFB775}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{CDA088A1-1B8C-4C43-8C2B-6808BCC43FB3}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"TCP Query User{D9749E52-CB36-47F2-BD23-360AEB4AC359}C:\program files\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\reactor\reactor.exe |
"TCP Query User{DB6CE6BC-BC0E-4E71-959F-F9FFB07368B7}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{ECD6D185-DFBE-4047-9713-0DEF2ADA36E8}C:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe |
"TCP Query User{FCBB4E58-4241-4785-BA11-90210E5E0FCD}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe |
"UDP Query User{045E3184-2734-4CEB-ABD6-E650B5A91365}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe |
"UDP Query User{08F50852-2BEE-4EEC-BD91-E4A022415C8A}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{0B019FF1-F2DB-4046-BB8E-82EEFD1A1232}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{0D4A38FA-3505-47FE-8527-3C394321DB62}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{0E620060-F80A-452B-8BD0-BD363BFEBB47}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{1BFD4A5B-3EFD-4CAF-8B61-0F898168F128}C:\program files\jghdtv\jghdtv.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\jghdtv.exe |
"UDP Query User{1C5D25A8-AF03-4B6C-A8EE-8F3752CDD78C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{231EB901-0807-4F96-AB65-EFB310F75356}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"UDP Query User{30788178-04A6-434C-98ED-E378DAE34A1F}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{3C663AAF-892C-4F4F-A616-400BE9AB5EF7}C:\program files\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\reactor\reactor.exe |
"UDP Query User{448C9354-7F61-49C5-8B3E-5B67E600D8E7}C:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{58F8F5CB-16FC-4BDA-AB0D-28520996D5A3}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{6956E085-C7BD-4287-A242-E45E860B9452}C:\program files\windows media player\wmplayer.exe" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"UDP Query User{7540BBCA-06E5-429B-A4C6-271990DCA17D}C:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe |
"UDP Query User{7E937F8E-8106-420A-A639-88AAA941E9A9}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{8315B340-95FE-4C2B-8A2F-798FCD37B56C}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{A89E8455-4658-4C01-8BF7-A1587126376D}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"UDP Query User{AB25E870-975C-47A2-BE04-17AAB389CE35}C:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"UDP Query User{ABDDA524-337D-48A7-90DB-3EB965D44AEA}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{AEBC5A20-B3CE-472B-9B15-5B7A3F69ED35}C:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe |
"UDP Query User{C78C8FD6-A30C-48CF-AA21-A388472EFABC}C:\program files\jghdtv\kernel\pipi\jfcachemgr.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\kernel\pipi\jfcachemgr.exe |
"UDP Query User{D4A255B5-C99F-4FC4-A572-F7B9216BC2E1}C:\program files\jghdtv\kernel\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\kernel\pplive\pplive.exe |
"UDP Query User{DED19C27-1B47-4F4C-B78A-99428C53CA3F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E656F94B-FAEB-4B30-8BFD-0BC29352D30D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7A181D43-86AE-4362-91BF-5C01A19653D7}_is1" = MiniTool Partition Wizard Professional Edition 6.0
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF3D8718-EF21-4408-AE38-A6DA98E1E2B6}" = LightScribe System Software 1.14.32.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7849D41-0A46-457D-827D-00FF47AF2D85}_is1" = CAE Report Generator v1.092
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"¼«¹â¸ßÇåµçÓ°µçÊÓ JGHDTV 2009" = ¼«¹â¸ßÇåµçÓ°µçÊÓ JGHDTV 2009 v1.0.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"AutoHotkey" = AutoHotkey 1.1.00.01
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"Combat Arms EU" = Combat Arms EU
"Defraggler" = Defraggler
"Duke Nukem Forever_is1" = Duke Nukem Forever
"EpicBot" = EpicBot
"Fraps" = Fraps (remove only)
"Garena" = Garena 2010
"HyperCam 2" = HyperCam 2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"L4D2SP" = Left 4 Dead 2 Standalone Patch™
"L4D2SPUC" = Left 4 Dead 2 Standalone Patch™
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PowerISO" = PowerISO
"pywin32-py2.6" = Python 2.6 pywin32-212
"SMAC 2.0" = SMAC 2.0
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TeraCopy_is1" = TeraCopy 2.12
"TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
"TomTom HOME" = TomTom HOME 2.7.6.2056
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/07/2011 06:34:55 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/07/2011 16:46:55 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 26/07/2011 07:07:08 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/07/2011 06:34:05 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/07/2011 06:28:27 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2011 06:22:00 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2011 17:51:39 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/07/2011 06:35:43 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/07/2011 23:04:18 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/07/2011 19:47:08 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 07/07/2010 12:14:28 | Computer Name = Alex-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 03/08/2011 06:34:55 | Computer Name = Alex-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/08/2011 06:35:08 | Computer Name = Alex-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:33:44 on 03/08/2011 was unexpected.

Error - 03/08/2011 06:43:12 | Computer Name = Alex-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/08/2011 06:43:20 | Computer Name = Alex-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/08/2011 06:43:33 | Computer Name = Alex-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:38:08 on 03/08/2011 was unexpected.

Error - 03/08/2011 06:43:48 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2011 06:43:56 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2011 06:43:58 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2011 06:45:08 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 03/08/2011 06:45:08 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
 

My Computer

System One

  • Manufacturer/Model
    Compaq Presario
    CPU
    AMD Phenom-64 8750 (2.4GHz)
    Memory
    2814 MB ram
    Graphics Card(s)
    NVIDIA Geforce 9400
    Monitor(s) Displays
    Generic PnP monitor
    Screen Resolution
    1024 X 768
i did the OTL scan, heres the things in the notepad:

OTL:

OTL logfile created on: 03/08/2011 11:51:28 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Alex Liu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 73.55% Memory free
5.72 Gb Paging File | 5.19 Gb Available in Paging File | 90.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.40 Gb Total Space | 199.62 Gb Free Space | 67.35% Space Free | Partition Type: NTFS
Drive D: | 288.34 Gb Total Space | 279.87 Gb Free Space | 97.06% Space Free | Partition Type: NTFS
Drive Z: | 11.43 Gb Total Space | 0.50 Gb Free Space | 4.38% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex Liu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alex Liu\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Alex Liu\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FastUserSwitchingCompatibility) -- C:\Windows\Installer\AMDEx.msi ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdvancedSystemCareService) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (EagleXNt) -- C:\Windows\System32\drivers\EagleXNt.sys (AhnLab, Inc.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = %s - Crawler.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {1E315374-71A5-471A-B683-4C4ADB5C588B} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1203
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.7896
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\ALEXLI~1\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/24 09:43:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/16 16:05:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/15 01:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 17:14:57 | 000,000,000 | ---D | M]

[2010/10/06 16:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Extensions
[2010/07/06 19:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/06 16:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/08/02 11:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions
[2010/08/14 14:58:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/02 15:13:08 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/07/06 11:53:44 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/07/02 12:47:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/07/21 00:16:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/08 20:14:39 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/08/14 14:58:37 | 000,000,000 | ---D | M] (Chromifox Extreme) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\cfxe@Triton
[2010/08/14 14:58:54 | 000,000,000 | ---D | M] (Chromifox Companion) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\cfxHelper@Triton
[2010/07/06 19:52:53 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\[email protected]
[2011/07/02 12:47:44 | 000,000,000 | ---D | M] (Tab Scope) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\[email protected]
[2010/12/04 14:33:35 | 000,001,540 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\searchplugins\swagbuckscom.xml
[2011/08/02 11:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/23 01:29:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/22 17:14:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/06 23:44:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/13 00:35:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/16 16:05:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/06/22 17:14:54 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/06/22 17:14:54 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2011/06/22 17:14:56 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/06/07 12:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/06/26 08:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 08:47:04 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2010/06/26 08:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2007/07/26 14:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010/06/26 08:47:04 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2010/06/26 08:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 08:47:04 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/06/26 08:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/06/26 08:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 111222.cn (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([kan] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([tvguide] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([vodguide] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([notice] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.net (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstv.com (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstv.net (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{79990606-014d-11e0-ab63-00248c4b7693}\Shell - "" = AutoRun
O33 - MountPoints2\{79990606-014d-11e0-ab63-00248c4b7693}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\{9a487b14-d159-11df-be1d-00248c4b7693}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{d12b056f-72a3-11e0-a691-00248c4b7693}\Shell - "" = AutoRun
O33 - MountPoints2\{d12b056f-72a3-11e0-a691-00248c4b7693}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 11:32:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/29 11:56:10 | 000,484,064 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\EagleXNt.sys
[2011/07/28 01:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/07/25 16:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011/07/25 16:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2011/07/24 17:53:25 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\Documents\RSBot
[2011/07/23 01:29:48 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Roaming\Skype
[2011/07/23 01:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/23 01:29:14 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/23 01:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/07/15 15:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/07/15 15:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Left 4 Dead 2
[2011/07/14 21:10:50 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\{fd08e1bd-ba42-4c5d-8213-8797fd5f5dc5}
[2011/07/14 21:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/07/14 21:08:36 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Roaming\SystemRequirementsLab
[2011/07/13 18:05:42 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Local\{CFE71322-034E-4A8A-9163-6BF7FF5FA11A}
[2011/07/13 05:53:39 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/13 05:53:37 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/13 05:53:37 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/07/09 13:12:52 | 000,839,680 | ---- | C] (www) -- C:\Windows\System32\LameACM.acm
[2011/07/06 14:22:01 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Local\{78E34C42-C29B-450F-AFAB-9D609C99DBCA}
[2011/07/06 12:17:26 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Local\NVIDIA Corporation
[2011/07/06 12:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA nTune Performance Application
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 11:48:00 | 000,612,604 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/03 11:48:00 | 000,109,322 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/03 11:46:56 | 000,459,264 | ---- | M] () -- C:\Users\Alex Liu\Desktop\CKScanner.exe
[2011/08/03 11:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/03 11:35:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 11:35:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 11:31:35 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/08/03 11:30:04 | 000,000,129 | ---- | M] () -- C:\Users\Alex Liu\jagex_runescape_preferences2.dat
[2011/08/03 11:26:47 | 000,000,046 | ---- | M] () -- C:\Users\Alex Liu\jagex_runescape_preferences.dat
[2011/08/03 03:08:30 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011/08/01 22:32:29 | 000,484,064 | ---- | M] (AhnLab, Inc.) -- C:\Windows\System32\drivers\EagleXNt.sys
[2011/07/30 11:35:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/28 19:48:20 | 000,000,010 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy Login.ini
[2011/07/25 16:16:41 | 000,000,088 | ---- | M] () -- C:\Users\Alex Liu\Documents\www.ahk
[2011/07/25 16:14:15 | 000,000,187 | ---- | M] () -- C:\Users\Alex Liu\Documents\sss.ahk
[2011/07/25 16:13:43 | 000,001,351 | ---- | M] () -- C:\Users\Alex Liu\Documents\AutoHotkey.ahk
[2011/07/25 13:23:41 | 000,000,090 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy_poolwizard.ini
[2011/07/25 01:33:04 | 000,012,800 | ---- | M] () -- C:\Users\Alex Liu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 18:34:16 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/24 17:54:10 | 000,000,034 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\RSBot_Accounts.ini
[2011/07/23 16:50:28 | 327,961,402 | ---- | M] () -- C:\Users\Alex Liu\Documents\clip0002.avi
[2011/07/23 16:48:48 | 321,242,210 | ---- | M] () -- C:\Users\Alex Liu\Documents\clip0001.avi
[2011/07/16 16:15:04 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/16 16:15:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/07/14 19:59:46 | 000,420,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/12 18:53:45 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/09 13:13:22 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\CAE Report Generator.lnk
[2011/07/09 13:12:58 | 000,067,863 | ---- | M] () -- C:\Windows\System32\x264vfw-uninstall.exe
[2011/07/08 17:00:06 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/07/04 12:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 11:46:56 | 000,459,264 | ---- | C] () -- C:\Users\Alex Liu\Desktop\CKScanner.exe
[2011/08/03 11:32:07 | 000,001,778 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/28 19:48:20 | 000,000,010 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy Login.ini
[2011/07/25 16:16:41 | 000,000,088 | ---- | C] () -- C:\Users\Alex Liu\Documents\www.ahk
[2011/07/25 16:14:15 | 000,000,187 | ---- | C] () -- C:\Users\Alex Liu\Documents\sss.ahk
[2011/07/25 16:13:43 | 000,001,351 | ---- | C] () -- C:\Users\Alex Liu\Documents\AutoHotkey.ahk
[2011/07/25 13:23:41 | 000,000,090 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy_poolwizard.ini
[2011/07/24 17:54:02 | 000,000,034 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\RSBot_Accounts.ini
[2011/07/23 16:49:13 | 327,961,402 | ---- | C] () -- C:\Users\Alex Liu\Documents\clip0002.avi
[2011/07/23 16:47:30 | 321,242,210 | ---- | C] () -- C:\Users\Alex Liu\Documents\clip0001.avi
[2011/07/23 01:29:21 | 000,002,337 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/16 16:15:04 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/12 18:53:45 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/09 13:12:52 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011/05/07 23:45:38 | 000,046,658 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\room.dat
[2011/05/07 17:58:05 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/04/10 16:06:14 | 000,012,800 | ---- | C] () -- C:\Users\Alex Liu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 21:30:29 | 000,009,784 | -HS- | C] () -- C:\Users\Alex Liu\AppData\Local\5tp0jtoe6u6hrfanp5a74iam6f2067y4l
[2011/04/09 21:30:29 | 000,009,784 | -HS- | C] () -- C:\ProgramData\5tp0jtoe6u6hrfanp5a74iam6f2067y4l
[2011/04/09 21:30:09 | 000,004,152 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\BFB0.551
[2011/02/26 00:57:00 | 000,000,019 | ---- | C] () -- C:\Windows\powerlist.ini
[2011/02/23 16:43:47 | 000,000,306 | ---- | C] () -- C:\Windows\powerplayer.ini
[2011/02/23 16:43:47 | 000,000,116 | ---- | C] () -- C:\Windows\psnetwork.ini
[2011/02/02 17:41:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/30 17:58:02 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011/01/07 18:33:55 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/07 18:33:55 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/01/07 18:33:49 | 000,067,863 | ---- | C] () -- C:\Windows\System32\x264vfw-uninstall.exe
[2010/09/11 16:29:54 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010/08/17 22:21:02 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2010/08/17 22:21:02 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/08/17 22:20:52 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/08/03 23:38:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/03 23:37:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/14 07:55:38 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/06 19:50:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/06 19:46:13 | 000,000,680 | ---- | C] () -- C:\Users\Alex Liu\AppData\Local\d3d9caps.dat
[2010/07/06 19:42:45 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010/02/17 07:44:36 | 000,014,848 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2010/02/17 07:44:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 07:35:54 | 002,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/03/17 12:05:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/17 05:00:23 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2009/03/17 04:26:26 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/03/17 04:26:26 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,420,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,612,604 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,322 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/09/06 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\CAE_Report_Generator
[2011/01/30 17:23:25 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\Canon
[2011/07/16 19:28:37 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\EpicBot
[2011/05/28 12:33:39 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\GameRanger
[2011/04/26 09:18:28 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\ijjigame
[2011/07/28 01:59:52 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\IObit
[2010/10/28 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\Leadertech
[2011/01/30 20:07:41 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\muvee Technologies
[2011/04/07 22:49:20 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\PPLive
[2011/04/07 23:21:50 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\PPStream
[2011/02/15 23:44:27 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\RoboForm
[2011/03/23 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\Spyware Terminator
[2011/07/17 00:58:48 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\SystemRequirementsLab
[2011/08/03 11:48:02 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\TeraCopy
[2010/10/06 16:23:56 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\TomTom
[2011/06/17 07:39:56 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\uTorrent
[2010/07/07 17:19:26 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\WinBatch
[2011/05/21 16:16:22 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\WinFF
[2011/08/03 03:08:30 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job
[2011/07/08 17:00:06 | 000,000,296 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job
[2011/05/12 15:55:41 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/08/03 03:17:24 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Extras:


OTL Extras logfile created on: 03/08/2011 11:51:28 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Alex Liu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 73.55% Memory free
5.72 Gb Paging File | 5.19 Gb Available in Paging File | 90.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.40 Gb Total Space | 199.62 Gb Free Space | 67.35% Space Free | Partition Type: NTFS
Drive D: | 288.34 Gb Total Space | 279.87 Gb Free Space | 97.06% Space Free | Partition Type: NTFS
Drive Z: | 11.43 Gb Total Space | 0.50 Gb Free Space | 4.38% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex Liu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ECB1E6-C7DA-4EB4-AB0E-EDB27450A405}" = lport=45682 | protocol=6 | dir=in | name=utorrent fast dl speed 456 |
"{04298C5D-585D-4FE2-A264-2D77D4B46F22}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0B082FA7-2271-4785-959F-931F0388167C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{0EF2EC94-0C3A-4A3E-B1F8-C2B8665FB0A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{0FBD4740-D5BB-4E84-83BA-F691FD500653}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{152AAA7B-7431-4D3A-85DB-BFE9143E5C8F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{1B30FA79-AF97-4D5A-8851-E68853318EDA}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E7BAA91-9539-4B43-916A-590CD5B63172}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{2395BF87-C69B-4858-ADE5-985A68905AE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2813E387-298F-4F47-9487-2ABA69157035}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2AFF6F63-8DB2-43AA-AC51-52582D0B4987}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{33652882-7158-4328-9FDA-B5997C2E38B0}" = rport=137 | protocol=17 | dir=out | app=system |
"{3E601F71-A1B4-4CB5-A14E-F9C800BEE803}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{40A33D9C-5BB7-4EAB-B350-DC4113771B70}" = lport=138 | protocol=17 | dir=in | app=system |
"{40F4F03F-0F55-468A-B94F-530DBBA9ADAB}" = lport=45682 | protocol=17 | dir=in | name=utorrent fast dl speed 456 |
"{4B10A00C-4926-4063-9A12-7409373F2D10}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4B6D1421-1B3D-4476-A1F9-70A4C1324724}" = lport=138 | protocol=17 | dir=in | app=system |
"{4CC0CEAF-7EB8-472E-A397-470BBF848C2A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{581D0942-321F-49EF-8A89-34F6253303BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{5D5B3500-0249-4190-B1CE-598AFAEECD6C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{63CB72B4-3CDC-4CCF-A47A-F59CB7A93A76}" = lport=5358 | protocol=6 | dir=in | app=system |
"{78847704-3D25-4EEA-AD83-3AFB47B0CC35}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{87B295AD-A84D-4618-B165-56C53304506D}" = lport=139 | protocol=6 | dir=in | app=system |
"{89F51377-DCAA-4E32-AD5A-443C8B56193E}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A59BDC5-9C39-4B2F-AC17-E655B5979B98}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97791781-45C4-4DDE-BA81-CF87B68197A4}" = rport=5358 | protocol=6 | dir=out | app=system |
"{A5EA6027-6DEC-4FC1-98EF-8839D4E7ED15}" = lport=5357 | protocol=6 | dir=in | app=system |
"{B543BF3A-F1B1-406C-A535-48CEE6D24331}" = rport=139 | protocol=6 | dir=out | app=system |
"{C9615D0F-FBEF-47D9-BCCE-C88BCFDD8AB1}" = lport=137 | protocol=17 | dir=in | app=system |
"{CC289D70-D000-4EB0-8B16-2CF11BBBB313}" = rport=137 | protocol=17 | dir=out | app=system |
"{DEED6D8A-F8F4-41F8-8EAE-58AEFF5F301F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E97E3D94-AA54-4C06-ABDA-C75F10146DCB}" = rport=138 | protocol=17 | dir=out | app=system |
"{EA8A4483-FB78-49B1-83BA-26223EDC509F}" = rport=445 | protocol=6 | dir=out | app=system |
"{F29E5B14-759D-4BF2-BD72-5F05B616E2F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{FD32F624-0DFE-4A6E-AFF7-F01B1C59B1BA}" = rport=5357 | protocol=6 | dir=out | app=system |
"{FE1DA784-6121-4188-B275-6E891228F926}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F79167-3E36-46A6-80DF-7209C62C9525}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{0A7C3FBC-23F3-4039-8CF6-7E5205FCC39D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0C278299-1876-4A05-9069-C9891C641616}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{16BA9FE1-7C73-4B13-909D-DBDB39B04163}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{16C11291-0F2E-44EF-98B3-20AB0B555B84}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{17F90C47-71FE-405C-9E67-7988610C03A4}" = protocol=6 | dir=out | app=system |
"{2E8C56D5-3DC2-4CFC-AF51-243B438FAEC3}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{37489F24-A5D6-45CE-B9D6-A61BD79133BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{3910B69C-F5FF-4F8E-A9F0-2A9397E1131B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3CC2EB98-306F-4257-A597-37506E2BB08B}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{3D87B443-A08A-4654-8A5B-4DD12AC12D76}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{3E5C907C-D1F3-4405-8703-EC053784F8BB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{45DA34FE-1A13-49C2-93E2-A512EBDD3C40}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\combatarms.exe |
"{48C57F4F-D89B-4AEF-96CE-C273F112167C}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{5004926E-EDC6-4E62-AAFD-C636C53B7068}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{5171AD13-933E-43DA-B9B0-A3A62A904063}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{56630BA3-67BB-46D8-AC5B-4561C1AF41F7}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{57C92EAF-4FAC-472E-B26E-66F2CF593478}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{58CCABCE-2FE5-435D-82FB-1EB07B80BD4E}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{5AB11638-F5E4-4F25-ADCF-ED974E9BF141}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6835DE15-E11F-4C9D-8090-BC5277960673}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{69BB76D1-D6BE-4E48-9EA6-BD0405C14D71}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{6D5075E4-AE85-48D3-BB8B-5812B7A355E7}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{746C3747-CC26-4CF2-A6F8-7A338F8CBCE2}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{81C26EFB-6950-443D-8E88-A303F70C79A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8B0B2E06-19F0-4085-9F79-2CBBC905086D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{934E08E6-A6D4-4463-9683-309EA1A5516C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{94F46DAF-507A-4087-916A-C40433F0E939}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{97071492-EA9C-4720-AB9E-2C6BE7E98E19}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{97279D71-4916-45D0-9A65-5EAF92CBA268}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{A0298182-8882-4BDA-9BB2-1885A4E3C7EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AA27A728-C7DC-406B-BA41-675425ED2E46}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AB7331E6-5A3B-430A-9B7D-47E91B920144}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C80441E1-A0D6-4E57-A0E6-263C69F7C1B8}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{D38C23DF-009E-41C0-A4A8-D4EE2A391FAF}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{D7BE8FBC-3120-4C28-B647-3C7098115924}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{DACBDC6D-9D52-48D7-B14E-F5914BFEB359}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{DF476873-C749-4A46-A91A-7BD7E91D6A6F}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{DF5E623B-127C-4621-B88C-A20F56806045}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E846130B-2692-46CE-BA31-089C636FF7A3}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\combatarms.exe |
"{F7773322-7CAE-41ED-BC87-EC50313E912F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F9E91079-6C0E-4054-BEB7-A7CFD9851DEA}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{FAAFA4F8-A9BB-4D11-BC34-F87320F5B3B3}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"TCP Query User{05133DF5-596F-4E2C-9D7E-84D9AE5BA8C9}C:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"TCP Query User{0F994954-C87E-4152-9E73-17F7D85CA8F5}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"TCP Query User{1BF59AAE-F611-4133-98D3-674F017024AF}C:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe |
"TCP Query User{1E60B82A-111A-44C2-A4EC-3AFAAD64D833}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{36CA3F61-4BF8-45FE-B604-29311EEBC53C}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{58D19E61-E121-4123-A50C-272070BF9888}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{5EE7CF08-A869-4203-83B3-5203B475CC2D}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{673BE8B2-FB0E-4322-A7F8-A1B042A30E37}C:\program files\windows media player\wmplayer.exe" = protocol=6 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"TCP Query User{7512CED8-C77A-4528-B6DF-A1994A5CB9C9}C:\program files\jghdtv\kernel\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\kernel\pplive\pplive.exe |
"TCP Query User{8437E410-27A6-47DD-8C6A-6F7DF91F0D4E}C:\program files\jghdtv\jghdtv.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\jghdtv.exe |
"TCP Query User{893A8BB8-63A3-4A72-BD2E-5AB72C50E2F2}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{93134232-F9EA-4342-AC1A-31FD2762693C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{94DAB03C-4E46-4B9A-AB2F-609BCE5D38E1}C:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{9F0EC9CA-D3CB-41FE-AD5E-EE59E4C8EEE4}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{A2C18269-8655-4753-8B7F-10947A9295AD}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{BC291EA5-51B9-4FBA-B87F-4BDB01798839}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C044AC80-0D85-45B1-8E24-833B7FC6B4D9}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{C332089F-1FD5-41BB-AEE1-17531A6809F0}C:\program files\jghdtv\kernel\pipi\jfcachemgr.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\kernel\pipi\jfcachemgr.exe |
"TCP Query User{C89280C3-661E-4C28-87B7-AA6E57FFB775}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{CDA088A1-1B8C-4C43-8C2B-6808BCC43FB3}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"TCP Query User{D9749E52-CB36-47F2-BD23-360AEB4AC359}C:\program files\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\reactor\reactor.exe |
"TCP Query User{DB6CE6BC-BC0E-4E71-959F-F9FFB07368B7}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{ECD6D185-DFBE-4047-9713-0DEF2ADA36E8}C:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe |
"TCP Query User{FCBB4E58-4241-4785-BA11-90210E5E0FCD}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe |
"UDP Query User{045E3184-2734-4CEB-ABD6-E650B5A91365}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe |
"UDP Query User{08F50852-2BEE-4EEC-BD91-E4A022415C8A}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{0B019FF1-F2DB-4046-BB8E-82EEFD1A1232}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{0D4A38FA-3505-47FE-8527-3C394321DB62}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{0E620060-F80A-452B-8BD0-BD363BFEBB47}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{1BFD4A5B-3EFD-4CAF-8B61-0F898168F128}C:\program files\jghdtv\jghdtv.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\jghdtv.exe |
"UDP Query User{1C5D25A8-AF03-4B6C-A8EE-8F3752CDD78C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{231EB901-0807-4F96-AB65-EFB310F75356}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"UDP Query User{30788178-04A6-434C-98ED-E378DAE34A1F}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{3C663AAF-892C-4F4F-A616-400BE9AB5EF7}C:\program files\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\reactor\reactor.exe |
"UDP Query User{448C9354-7F61-49C5-8B3E-5B67E600D8E7}C:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{58F8F5CB-16FC-4BDA-AB0D-28520996D5A3}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{6956E085-C7BD-4287-A242-E45E860B9452}C:\program files\windows media player\wmplayer.exe" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"UDP Query User{7540BBCA-06E5-429B-A4C6-271990DCA17D}C:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe |
"UDP Query User{7E937F8E-8106-420A-A639-88AAA941E9A9}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{8315B340-95FE-4C2B-8A2F-798FCD37B56C}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{A89E8455-4658-4C01-8BF7-A1587126376D}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"UDP Query User{AB25E870-975C-47A2-BE04-17AAB389CE35}C:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"UDP Query User{ABDDA524-337D-48A7-90DB-3EB965D44AEA}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{AEBC5A20-B3CE-472B-9B15-5B7A3F69ED35}C:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe |
"UDP Query User{C78C8FD6-A30C-48CF-AA21-A388472EFABC}C:\program files\jghdtv\kernel\pipi\jfcachemgr.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\kernel\pipi\jfcachemgr.exe |
"UDP Query User{D4A255B5-C99F-4FC4-A572-F7B9216BC2E1}C:\program files\jghdtv\kernel\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\kernel\pplive\pplive.exe |
"UDP Query User{DED19C27-1B47-4F4C-B78A-99428C53CA3F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E656F94B-FAEB-4B30-8BFD-0BC29352D30D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7A181D43-86AE-4362-91BF-5C01A19653D7}_is1" = MiniTool Partition Wizard Professional Edition 6.0
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF3D8718-EF21-4408-AE38-A6DA98E1E2B6}" = LightScribe System Software 1.14.32.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7849D41-0A46-457D-827D-00FF47AF2D85}_is1" = CAE Report Generator v1.092
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"¼«¹â¸ßÇåµçÓ°µçÊÓ JGHDTV 2009" = ¼«¹â¸ßÇåµçÓ°µçÊÓ JGHDTV 2009 v1.0.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"AutoHotkey" = AutoHotkey 1.1.00.01
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"Combat Arms EU" = Combat Arms EU
"Defraggler" = Defraggler
"Duke Nukem Forever_is1" = Duke Nukem Forever
"EpicBot" = EpicBot
"Fraps" = Fraps (remove only)
"Garena" = Garena 2010
"HyperCam 2" = HyperCam 2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"L4D2SP" = Left 4 Dead 2 Standalone Patch™
"L4D2SPUC" = Left 4 Dead 2 Standalone Patch™
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PowerISO" = PowerISO
"pywin32-py2.6" = Python 2.6 pywin32-212
"SMAC 2.0" = SMAC 2.0
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TeraCopy_is1" = TeraCopy 2.12
"TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
"TomTom HOME" = TomTom HOME 2.7.6.2056
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/07/2011 06:34:55 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/07/2011 16:46:55 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 26/07/2011 07:07:08 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/07/2011 06:34:05 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/07/2011 06:28:27 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2011 06:22:00 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2011 17:51:39 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/07/2011 06:35:43 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/07/2011 23:04:18 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/07/2011 19:47:08 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 07/07/2010 12:14:28 | Computer Name = Alex-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 03/08/2011 06:34:55 | Computer Name = Alex-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/08/2011 06:35:08 | Computer Name = Alex-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:33:44 on 03/08/2011 was unexpected.

Error - 03/08/2011 06:43:12 | Computer Name = Alex-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/08/2011 06:43:20 | Computer Name = Alex-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/08/2011 06:43:33 | Computer Name = Alex-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:38:08 on 03/08/2011 was unexpected.

Error - 03/08/2011 06:43:48 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2011 06:43:56 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2011 06:43:58 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2011 06:45:08 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 03/08/2011 06:45:08 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
 

My Computer

System One

  • Manufacturer/Model
    Compaq Presario
    CPU
    AMD Phenom-64 8750 (2.4GHz)
    Memory
    2814 MB ram
    Graphics Card(s)
    NVIDIA Geforce 9400
    Monitor(s) Displays
    Generic PnP monitor
    Screen Resolution
    1024 X 768
There's still remnants of your infection on your system but before I proceed I need the CKScanner log and the Malwarebytes log

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
ok i'll get to it
 

My Computer

System One

  • Manufacturer/Model
    Compaq Presario
    CPU
    AMD Phenom-64 8750 (2.4GHz)
    Memory
    2814 MB ram
    Graphics Card(s)
    NVIDIA Geforce 9400
    Monitor(s) Displays
    Generic PnP monitor
    Screen Resolution
    1024 X 768
done, both logs attached
 

Attachments

  • ckfiles.txt
    180 bytes · Views: 22
  • mbam-log-2011-08-03 (16-07-43).txt
    1.4 KB · Views: 17

My Computer

System One

  • Manufacturer/Model
    Compaq Presario
    CPU
    AMD Phenom-64 8750 (2.4GHz)
    Memory
    2814 MB ram
    Graphics Card(s)
    NVIDIA Geforce 9400
    Monitor(s) Displays
    Generic PnP monitor
    Screen Resolution
    1024 X 768
Remove all of the things malwarebytes found. And I would appreciate it if you didn't doctor the logs before sending them to me, I'm not going to help if I'm lied to. Can I have your actual CKScanner log please?

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
sorry about that, i got my sister to upload the files, weren't entirely sure how to do it, anyway, here is the REAL untouched log, no ideas what my sister did on it.

and i have removed all the files that were classed as critical on malwarebytes
 

Attachments

  • ckfiles.txt
    344 bytes · Views: 18

My Computer

System One

  • Manufacturer/Model
    Compaq Presario
    CPU
    AMD Phenom-64 8750 (2.4GHz)
    Memory
    2814 MB ram
    Graphics Card(s)
    NVIDIA Geforce 9400
    Monitor(s) Displays
    Generic PnP monitor
    Screen Resolution
    1024 X 768
I'm not entirely convinced by your story to be honest, your log is now 4 lines shorter than it was before - so you've deleted something off your computer. Plus why do you have a KMS activator installed on your system?

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
tom982 said:
I'm not entirely convinced by your story to be honest, your log is now 4 lines shorter than it was before - so you've deleted something off your computer. Plus why do you have a KMS activator installed on your system?

Tom
Click to expand...
i deleted a few things such as skype and my old games, e.g. fifa 10 and left 4 dead 2 because i recently sold them at game for some money, and needed to get some memory back for my hard drive, and your question about that activator thing, i have no idea what that is, is that a virus or malware? how do i delete it? where is it?
 

My Computer

System One

  • Manufacturer/Model
    Compaq Presario
    CPU
    AMD Phenom-64 8750 (2.4GHz)
    Memory
    2814 MB ram
    Graphics Card(s)
    NVIDIA Geforce 9400
    Monitor(s) Displays
    Generic PnP monitor
    Screen Resolution
    1024 X 768
Windows and Microsoft office use KMS servers to check the activation. If you've got a KMS activator installed, then you're running an illegal copy of Windows/Office. I take it you are not aware of this then?

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
tom982 said:
Windows and Microsoft office use KMS servers to check the activation. If you've got a KMS activator installed, then you're running an illegal copy of Windows/Office. I take it you are not aware of this then?

Tom
Click to expand...
jesus christ, how the hell does my computer have that man, can i get arrested!?! what do i do!?!?!

what?! illegal ? i bought the copy from PC world, along with when i got this computer (writing from laptop)
 

My Computer

System One

  • Manufacturer/Model
    Compaq Presario
    CPU
    AMD Phenom-64 8750 (2.4GHz)
    Memory
    2814 MB ram
    Graphics Card(s)
    NVIDIA Geforce 9400
    Monitor(s) Displays
    Generic PnP monitor
    Screen Resolution
    1024 X 768
In your OTL log, there is the following entries:

Code: 
C:\Windows\KMService.exe
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()

KMService is your illegal KMS emulator and srvany.exe allows any Windows NT application to run as a service, which together runs KMService.exe as a service


Open your start menu, type notepad in the box and open it.

Copy and paste the following into it:

Code: 
sc config KMService start= disabled
sc stop KMService
sc delete KMService

Then File > Save As..., file name: fix.bat, save as type: All File Types. Save this to your desktop, it will have the following icon:

Windows-Batch-File-Icon.png


Go to your desktop, right click on the file and select Run as administrator

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
After doing that, can I have a fresh OTL log please?

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
ok, i did the fix.bat thing, and then did another scan with OTL, here it is.
 

Attachments

  • OTL.Txt
    94.1 KB · Views: 19

My Computer

System One

  • Manufacturer/Model
    Compaq Presario
    CPU
    AMD Phenom-64 8750 (2.4GHz)
    Memory
    2814 MB ram
    Graphics Card(s)
    NVIDIA Geforce 9400
    Monitor(s) Displays
    Generic PnP monitor
    Screen Resolution
    1024 X 768
You must log in or register to reply here.
Back
Top