I recently installed a patch for a game, and then restarted my computer. Afterwards, after i booted my computer, it loaded fine onto the desktop, where it then started freezing and unresponding. Most of the icons in the bottom right in the taskbar never loaded, only my Avast opens and occasionally Advanced System Care, when i restart. I open Mozilla Firefox and it takes some time, where it then opens onto my Homepage: Google and freezes completely. All i can do is click Start. Opening My Computer is fine, but other programs causes my computer to freeze. I have done several system restores, back to when i never installed the patch, but it doesn't seem to work.

I was unsure how to install the patch and got a friend to help me on Teamviewer, could that be an issue? And could this be a virus/malware?

Thanks for your time,
Poolwizard

Originally Posted by richc46

Make a full anti virus scan
Download and make a full scan with malwarebytes.
Then report back with the results.

in safe mode?

ok, i think this prlblem that i posted is gone, but when i open my computer, as it gets the to desktop, it just freezes for about 1 minute, where my internet connection has an X over it, and it eventually turns to the globe, and one icon on my desktop is blank, then eventually loads. I opened my internet to watch something on Youtube, where my computer froze again, yet the soubd on youtube was still playing, got any ideas on whats going on?

i did the OTL scan, heres the things in the notepad:

OTL:

OTL logfile created on: 03/08/2011 11:51:28 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Alex Liu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 73.55% Memory free
5.72 Gb Paging File | 5.19 Gb Available in Paging File | 90.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.40 Gb Total Space | 199.62 Gb Free Space | 67.35% Space Free | Partition Type: NTFS
Drive D: | 288.34 Gb Total Space | 279.87 Gb Free Space | 97.06% Space Free | Partition Type: NTFS
Drive Z: | 11.43 Gb Total Space | 0.50 Gb Free Space | 4.38% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex Liu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alex Liu\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Alex Liu\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FastUserSwitchingCompatibility) -- C:\Windows\Installer\AMDEx.msi ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdvancedSystemCareService) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (EagleXNt) -- C:\Windows\System32\drivers\EagleXNt.sys (AhnLab, Inc.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = %s - Crawler.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {1E315374-71A5-471A-B683-4C4ADB5C588B} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.7896
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\ALEXLI~1\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/24 09:43:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/16 16:05:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/15 01:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 17:14:57 | 000,000,000 | ---D | M]

[2010/10/06 16:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Extensions
[2010/07/06 19:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/06 16:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/08/02 11:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions
[2010/08/14 14:58:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/02 15:13:08 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/07/06 11:53:44 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/07/02 12:47:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/07/21 00:16:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/08 20:14:39 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/08/14 14:58:37 | 000,000,000 | ---D | M] (Chromifox Extreme) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\cfxe@Triton
[2010/08/14 14:58:54 | 000,000,000 | ---D | M] (Chromifox Companion) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\cfxHelper@Triton
[2010/07/06 19:52:53 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\chromifox@altmusictv.com
[2011/07/02 12:47:44 | 000,000,000 | ---D | M] (Tab Scope) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\tabscope@xuldev.org
[2010/12/04 14:33:35 | 000,001,540 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\searchplugins\swagbuckscom.xml
[2011/08/02 11:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/23 01:29:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/22 17:14:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/06 23:44:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/13 00:35:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/16 16:05:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/06/22 17:14:54 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/06/22 17:14:54 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2011/06/22 17:14:56 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/06/07 12:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/06/26 08:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 08:47:04 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2010/06/26 08:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2007/07/26 14:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010/06/26 08:47:04 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2010/06/26 08:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 08:47:04 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/06/26 08:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/06/26 08:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 111222.cn (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([kan] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([tvguide] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([vodguide] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([notice] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.net (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstv.com (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstv.net (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{79990606-014d-11e0-ab63-00248c4b7693}\Shell - "" = AutoRun
O33 - MountPoints2\{79990606-014d-11e0-ab63-00248c4b7693}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\{9a487b14-d159-11df-be1d-00248c4b7693}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{d12b056f-72a3-11e0-a691-00248c4b7693}\Shell - "" = AutoRun
O33 - MountPoints2\{d12b056f-72a3-11e0-a691-00248c4b7693}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 11:32:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/29 11:56:10 | 000,484,064 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\EagleXNt.sys
[2011/07/28 01:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/07/25 16:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011/07/25 16:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2011/07/24 17:53:25 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\Documents\RSBot
[2011/07/23 01:29:48 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Roaming\Skype
[2011/07/23 01:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/23 01:29:14 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/23 01:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/07/15 15:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/07/15 15:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Left 4 Dead 2
[2011/07/14 21:10:50 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\{fd08e1bd-ba42-4c5d-8213-8797fd5f5dc5}
[2011/07/14 21:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/07/14 21:08:36 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Roaming\SystemRequirementsLab
[2011/07/13 18:05:42 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Local\{CFE71322-034E-4A8A-9163-6BF7FF5FA11A}
[2011/07/13 05:53:39 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/13 05:53:37 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/13 05:53:37 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/07/09 13:12:52 | 000,839,680 | ---- | C] (www) -- C:\Windows\System32\LameACM.acm
[2011/07/06 14:22:01 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Local\{78E34C42-C29B-450F-AFAB-9D609C99DBCA}
[2011/07/06 12:17:26 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Local\NVIDIA Corporation
[2011/07/06 12:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA nTune Performance Application
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 11:48:00 | 000,612,604 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/03 11:48:00 | 000,109,322 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/03 11:46:56 | 000,459,264 | ---- | M] () -- C:\Users\Alex Liu\Desktop\CKScanner.exe
[2011/08/03 11:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/03 11:35:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 11:35:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 11:31:35 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/08/03 11:30:04 | 000,000,129 | ---- | M] () -- C:\Users\Alex Liu\jagex_runescape_preferences2.dat
[2011/08/03 11:26:47 | 000,000,046 | ---- | M] () -- C:\Users\Alex Liu\jagex_runescape_preferences.dat
[2011/08/03 03:08:30 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011/08/01 22:32:29 | 000,484,064 | ---- | M] (AhnLab, Inc.) -- C:\Windows\System32\drivers\EagleXNt.sys
[2011/07/30 11:35:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/28 19:48:20 | 000,000,010 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy Login.ini
[2011/07/25 16:16:41 | 000,000,088 | ---- | M] () -- C:\Users\Alex Liu\Documents\www.ahk
[2011/07/25 16:14:15 | 000,000,187 | ---- | M] () -- C:\Users\Alex Liu\Documents\sss.ahk
[2011/07/25 16:13:43 | 000,001,351 | ---- | M] () -- C:\Users\Alex Liu\Documents\AutoHotkey.ahk
[2011/07/25 13:23:41 | 000,000,090 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy_poolwizard.ini
[2011/07/25 01:33:04 | 000,012,800 | ---- | M] () -- C:\Users\Alex Liu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 18:34:16 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/24 17:54:10 | 000,000,034 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\RSBot_Accounts.ini
[2011/07/23 16:50:28 | 327,961,402 | ---- | M] () -- C:\Users\Alex Liu\Documents\clip0002.avi
[2011/07/23 16:48:48 | 321,242,210 | ---- | M] () -- C:\Users\Alex Liu\Documents\clip0001.avi
[2011/07/16 16:15:04 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/16 16:15:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/07/14 19:59:46 | 000,420,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/12 18:53:45 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/09 13:13:22 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\CAE Report Generator.lnk
[2011/07/09 13:12:58 | 000,067,863 | ---- | M] () -- C:\Windows\System32\x264vfw-uninstall.exe
[2011/07/08 17:00:06 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/07/04 12:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 11:46:56 | 000,459,264 | ---- | C] () -- C:\Users\Alex Liu\Desktop\CKScanner.exe
[2011/08/03 11:32:07 | 000,001,778 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/28 19:48:20 | 000,000,010 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy Login.ini
[2011/07/25 16:16:41 | 000,000,088 | ---- | C] () -- C:\Users\Alex Liu\Documents\www.ahk
[2011/07/25 16:14:15 | 000,000,187 | ---- | C] () -- C:\Users\Alex Liu\Documents\sss.ahk
[2011/07/25 16:13:43 | 000,001,351 | ---- | C] () -- C:\Users\Alex Liu\Documents\AutoHotkey.ahk
[2011/07/25 13:23:41 | 000,000,090 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy_poolwizard.ini
[2011/07/24 17:54:02 | 000,000,034 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\RSBot_Accounts.ini
[2011/07/23 16:49:13 | 327,961,402 | ---- | C] () -- C:\Users\Alex Liu\Documents\clip0002.avi
[2011/07/23 16:47:30 | 321,242,210 | ---- | C] () -- C:\Users\Alex Liu\Documents\clip0001.avi
[2011/07/23 01:29:21 | 000,002,337 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/16 16:15:04 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/12 18:53:45 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/09 13:12:52 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011/05/07 23:45:38 | 000,046,658 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\room.dat
[2011/05/07 17:58:05 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/04/10 16:06:14 | 000,012,800 | ---- | C] () -- C:\Users\Alex Liu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 21:30:29 | 000,009,784 | -HS- | C] () -- C:\Users\Alex Liu\AppData\Local\5tp0jtoe6u6hrfanp5a74iam6f2067y4l
[2011/04/09 21:30:29 | 000,009,784 | -HS- | C] () -- C:\ProgramData\5tp0jtoe6u6hrfanp5a74iam6f2067y4l
[2011/04/09 21:30:09 | 000,004,152 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\BFB0.551
[2011/02/26 00:57:00 | 000,000,019 | ---- | C] () -- C:\Windows\powerlist.ini
[2011/02/23 16:43:47 | 000,000,306 | ---- | C] () -- C:\Windows\powerplayer.ini
[2011/02/23 16:43:47 | 000,000,116 | ---- | C] () -- C:\Windows\psnetwork.ini
[2011/02/02 17:41:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/30 17:58:02 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011/01/07 18:33:55 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/07 18:33:55 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/01/07 18:33:49 | 000,067,863 | ---- | C] () -- C:\Windows\System32\x264vfw-uninstall.exe
[2010/09/11 16:29:54 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010/08/17 22:21:02 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2010/08/17 22:21:02 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/08/17 22:20:52 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/08/03 23:38:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/03 23:37:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/14 07:55:38 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/06 19:50:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/06 19:46:13 | 000,000,680 | ---- | C] () -- C:\Users\Alex Liu\AppData\Local\d3d9caps.dat
[2010/07/06 19:42:45 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010/02/17 07:44:36 | 000,014,848 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2010/02/17 07:44:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 07:35:54 | 002,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/03/17 12:05:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/17 05:00:23 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2009/03/17 04:26:26 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/03/17 04:26:26 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,420,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,612,604 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,322 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/09/06 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\CAE_Report_Generator
[2011/01/30 17:23:25 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\Canon
[2011/07/16 19:28:37 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\EpicBot
[2011/05/28 12:33:39 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\GameRanger
[2011/04/26 09:18:28 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\ijjigame
[2011/07/28 01:59:52 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\IObit
[2010/10/28 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\Leadertech
[2011/01/30 20:07:41 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\muvee Technologies
[2011/04/07 22:49:20 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\PPLive
[2011/04/07 23:21:50 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\PPStream
[2011/02/15 23:44:27 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\RoboForm
[2011/03/23 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\Spyware Terminator
[2011/07/17 00:58:48 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\SystemRequirementsLab
[2011/08/03 11:48:02 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\TeraCopy
[2010/10/06 16:23:56 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\TomTom
[2011/06/17 07:39:56 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\uTorrent
[2010/07/07 17:19:26 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\WinBatch
[2011/05/21 16:16:22 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\WinFF
[2011/08/03 03:08:30 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job
[2011/07/08 17:00:06 | 000,000,296 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job
[2011/05/12 15:55:41 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/08/03 03:17:24 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Extras:


OTL Extras logfile created on: 03/08/2011 11:51:28 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Alex Liu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 73.55% Memory free
5.72 Gb Paging File | 5.19 Gb Available in Paging File | 90.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.40 Gb Total Space | 199.62 Gb Free Space | 67.35% Space Free | Partition Type: NTFS
Drive D: | 288.34 Gb Total Space | 279.87 Gb Free Space | 97.06% Space Free | Partition Type: NTFS
Drive Z: | 11.43 Gb Total Space | 0.50 Gb Free Space | 4.38% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex Liu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ECB1E6-C7DA-4EB4-AB0E-EDB27450A405}" = lport=45682 | protocol=6 | dir=in | name=utorrent fast dl speed 456 |
"{04298C5D-585D-4FE2-A264-2D77D4B46F22}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0B082FA7-2271-4785-959F-931F0388167C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{0EF2EC94-0C3A-4A3E-B1F8-C2B8665FB0A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{0FBD4740-D5BB-4E84-83BA-F691FD500653}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{152AAA7B-7431-4D3A-85DB-BFE9143E5C8F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{1B30FA79-AF97-4D5A-8851-E68853318EDA}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E7BAA91-9539-4B43-916A-590CD5B63172}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{2395BF87-C69B-4858-ADE5-985A68905AE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2813E387-298F-4F47-9487-2ABA69157035}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2AFF6F63-8DB2-43AA-AC51-52582D0B4987}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{33652882-7158-4328-9FDA-B5997C2E38B0}" = rport=137 | protocol=17 | dir=out | app=system |
"{3E601F71-A1B4-4CB5-A14E-F9C800BEE803}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{40A33D9C-5BB7-4EAB-B350-DC4113771B70}" = lport=138 | protocol=17 | dir=in | app=system |
"{40F4F03F-0F55-468A-B94F-530DBBA9ADAB}" = lport=45682 | protocol=17 | dir=in | name=utorrent fast dl speed 456 |
"{4B10A00C-4926-4063-9A12-7409373F2D10}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4B6D1421-1B3D-4476-A1F9-70A4C1324724}" = lport=138 | protocol=17 | dir=in | app=system |
"{4CC0CEAF-7EB8-472E-A397-470BBF848C2A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{581D0942-321F-49EF-8A89-34F6253303BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{5D5B3500-0249-4190-B1CE-598AFAEECD6C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{63CB72B4-3CDC-4CCF-A47A-F59CB7A93A76}" = lport=5358 | protocol=6 | dir=in | app=system |
"{78847704-3D25-4EEA-AD83-3AFB47B0CC35}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{87B295AD-A84D-4618-B165-56C53304506D}" = lport=139 | protocol=6 | dir=in | app=system |
"{89F51377-DCAA-4E32-AD5A-443C8B56193E}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A59BDC5-9C39-4B2F-AC17-E655B5979B98}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97791781-45C4-4DDE-BA81-CF87B68197A4}" = rport=5358 | protocol=6 | dir=out | app=system |
"{A5EA6027-6DEC-4FC1-98EF-8839D4E7ED15}" = lport=5357 | protocol=6 | dir=in | app=system |
"{B543BF3A-F1B1-406C-A535-48CEE6D24331}" = rport=139 | protocol=6 | dir=out | app=system |
"{C9615D0F-FBEF-47D9-BCCE-C88BCFDD8AB1}" = lport=137 | protocol=17 | dir=in | app=system |
"{CC289D70-D000-4EB0-8B16-2CF11BBBB313}" = rport=137 | protocol=17 | dir=out | app=system |
"{DEED6D8A-F8F4-41F8-8EAE-58AEFF5F301F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E97E3D94-AA54-4C06-ABDA-C75F10146DCB}" = rport=138 | protocol=17 | dir=out | app=system |
"{EA8A4483-FB78-49B1-83BA-26223EDC509F}" = rport=445 | protocol=6 | dir=out | app=system |
"{F29E5B14-759D-4BF2-BD72-5F05B616E2F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{FD32F624-0DFE-4A6E-AFF7-F01B1C59B1BA}" = rport=5357 | protocol=6 | dir=out | app=system |
"{FE1DA784-6121-4188-B275-6E891228F926}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F79167-3E36-46A6-80DF-7209C62C9525}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{0A7C3FBC-23F3-4039-8CF6-7E5205FCC39D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0C278299-1876-4A05-9069-C9891C641616}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{16BA9FE1-7C73-4B13-909D-DBDB39B04163}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{16C11291-0F2E-44EF-98B3-20AB0B555B84}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{17F90C47-71FE-405C-9E67-7988610C03A4}" = protocol=6 | dir=out | app=system |
"{2E8C56D5-3DC2-4CFC-AF51-243B438FAEC3}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{37489F24-A5D6-45CE-B9D6-A61BD79133BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{3910B69C-F5FF-4F8E-A9F0-2A9397E1131B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3CC2EB98-306F-4257-A597-37506E2BB08B}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{3D87B443-A08A-4654-8A5B-4DD12AC12D76}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{3E5C907C-D1F3-4405-8703-EC053784F8BB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{45DA34FE-1A13-49C2-93E2-A512EBDD3C40}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\combatarms.exe |
"{48C57F4F-D89B-4AEF-96CE-C273F112167C}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{5004926E-EDC6-4E62-AAFD-C636C53B7068}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{5171AD13-933E-43DA-B9B0-A3A62A904063}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{56630BA3-67BB-46D8-AC5B-4561C1AF41F7}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{57C92EAF-4FAC-472E-B26E-66F2CF593478}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{58CCABCE-2FE5-435D-82FB-1EB07B80BD4E}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{5AB11638-F5E4-4F25-ADCF-ED974E9BF141}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6835DE15-E11F-4C9D-8090-BC5277960673}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{69BB76D1-D6BE-4E48-9EA6-BD0405C14D71}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{6D5075E4-AE85-48D3-BB8B-5812B7A355E7}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{746C3747-CC26-4CF2-A6F8-7A338F8CBCE2}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{81C26EFB-6950-443D-8E88-A303F70C79A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8B0B2E06-19F0-4085-9F79-2CBBC905086D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{934E08E6-A6D4-4463-9683-309EA1A5516C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{94F46DAF-507A-4087-916A-C40433F0E939}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{97071492-EA9C-4720-AB9E-2C6BE7E98E19}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{97279D71-4916-45D0-9A65-5EAF92CBA268}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{A0298182-8882-4BDA-9BB2-1885A4E3C7EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AA27A728-C7DC-406B-BA41-675425ED2E46}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AB7331E6-5A3B-430A-9B7D-47E91B920144}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C80441E1-A0D6-4E57-A0E6-263C69F7C1B8}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{D38C23DF-009E-41C0-A4A8-D4EE2A391FAF}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{D7BE8FBC-3120-4C28-B647-3C7098115924}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{DACBDC6D-9D52-48D7-B14E-F5914BFEB359}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{DF476873-C749-4A46-A91A-7BD7E91D6A6F}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{DF5E623B-127C-4621-B88C-A20F56806045}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E846130B-2692-46CE-BA31-089C636FF7A3}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\combatarms.exe |
"{F7773322-7CAE-41ED-BC87-EC50313E912F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F9E91079-6C0E-4054-BEB7-A7CFD9851DEA}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{FAAFA4F8-A9BB-4D11-BC34-F87320F5B3B3}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"TCP Query User{05133DF5-596F-4E2C-9D7E-84D9AE5BA8C9}C:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"TCP Query User{0F994954-C87E-4152-9E73-17F7D85CA8F5}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"TCP Query User{1BF59AAE-F611-4133-98D3-674F017024AF}C:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe |
"TCP Query User{1E60B82A-111A-44C2-A4EC-3AFAAD64D833}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{36CA3F61-4BF8-45FE-B604-29311EEBC53C}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{58D19E61-E121-4123-A50C-272070BF9888}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{5EE7CF08-A869-4203-83B3-5203B475CC2D}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{673BE8B2-FB0E-4322-A7F8-A1B042A30E37}C:\program files\windows media player\wmplayer.exe" = protocol=6 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"TCP Query User{7512CED8-C77A-4528-B6DF-A1994A5CB9C9}C:\program files\jghdtv\kernel\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\kernel\pplive\pplive.exe |
"TCP Query User{8437E410-27A6-47DD-8C6A-6F7DF91F0D4E}C:\program files\jghdtv\jghdtv.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\jghdtv.exe |
"TCP Query User{893A8BB8-63A3-4A72-BD2E-5AB72C50E2F2}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{93134232-F9EA-4342-AC1A-31FD2762693C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{94DAB03C-4E46-4B9A-AB2F-609BCE5D38E1}C:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{9F0EC9CA-D3CB-41FE-AD5E-EE59E4C8EEE4}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{A2C18269-8655-4753-8B7F-10947A9295AD}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{BC291EA5-51B9-4FBA-B87F-4BDB01798839}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C044AC80-0D85-45B1-8E24-833B7FC6B4D9}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{C332089F-1FD5-41BB-AEE1-17531A6809F0}C:\program files\jghdtv\kernel\pipi\jfcachemgr.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\kernel\pipi\jfcachemgr.exe |
"TCP Query User{C89280C3-661E-4C28-87B7-AA6E57FFB775}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{CDA088A1-1B8C-4C43-8C2B-6808BCC43FB3}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"TCP Query User{D9749E52-CB36-47F2-BD23-360AEB4AC359}C:\program files\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\reactor\reactor.exe |
"TCP Query User{DB6CE6BC-BC0E-4E71-959F-F9FFB07368B7}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{ECD6D185-DFBE-4047-9713-0DEF2ADA36E8}C:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe |
"TCP Query User{FCBB4E58-4241-4785-BA11-90210E5E0FCD}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe |
"UDP Query User{045E3184-2734-4CEB-ABD6-E650B5A91365}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe |
"UDP Query User{08F50852-2BEE-4EEC-BD91-E4A022415C8A}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{0B019FF1-F2DB-4046-BB8E-82EEFD1A1232}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{0D4A38FA-3505-47FE-8527-3C394321DB62}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{0E620060-F80A-452B-8BD0-BD363BFEBB47}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{1BFD4A5B-3EFD-4CAF-8B61-0F898168F128}C:\program files\jghdtv\jghdtv.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\jghdtv.exe |
"UDP Query User{1C5D25A8-AF03-4B6C-A8EE-8F3752CDD78C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{231EB901-0807-4F96-AB65-EFB310F75356}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"UDP Query User{30788178-04A6-434C-98ED-E378DAE34A1F}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{3C663AAF-892C-4F4F-A616-400BE9AB5EF7}C:\program files\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\reactor\reactor.exe |
"UDP Query User{448C9354-7F61-49C5-8B3E-5B67E600D8E7}C:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{58F8F5CB-16FC-4BDA-AB0D-28520996D5A3}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{6956E085-C7BD-4287-A242-E45E860B9452}C:\program files\windows media player\wmplayer.exe" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"UDP Query User{7540BBCA-06E5-429B-A4C6-271990DCA17D}C:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe |
"UDP Query User{7E937F8E-8106-420A-A639-88AAA941E9A9}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{8315B340-95FE-4C2B-8A2F-798FCD37B56C}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{A89E8455-4658-4C01-8BF7-A1587126376D}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"UDP Query User{AB25E870-975C-47A2-BE04-17AAB389CE35}C:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"UDP Query User{ABDDA524-337D-48A7-90DB-3EB965D44AEA}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{AEBC5A20-B3CE-472B-9B15-5B7A3F69ED35}C:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe |
"UDP Query User{C78C8FD6-A30C-48CF-AA21-A388472EFABC}C:\program files\jghdtv\kernel\pipi\jfcachemgr.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\kernel\pipi\jfcachemgr.exe |
"UDP Query User{D4A255B5-C99F-4FC4-A572-F7B9216BC2E1}C:\program files\jghdtv\kernel\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\kernel\pplive\pplive.exe |
"UDP Query User{DED19C27-1B47-4F4C-B78A-99428C53CA3F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E656F94B-FAEB-4B30-8BFD-0BC29352D30D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7A181D43-86AE-4362-91BF-5C01A19653D7}_is1" = MiniTool Partition Wizard Professional Edition 6.0
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF3D8718-EF21-4408-AE38-A6DA98E1E2B6}" = LightScribe System Software 1.14.32.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7849D41-0A46-457D-827D-00FF47AF2D85}_is1" = CAE Report Generator v1.092
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"¼«¹â¸ßÇåµçÓ°µçÊÓ JGHDTV 2009" = ¼«¹â¸ßÇåµçÓ°µçÊÓ JGHDTV 2009 v1.0.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"AutoHotkey" = AutoHotkey 1.1.00.01
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"Combat Arms EU" = Combat Arms EU
"Defraggler" = Defraggler
"Duke Nukem Forever_is1" = Duke Nukem Forever
"EpicBot" = EpicBot
"Fraps" = Fraps (remove only)
"Garena" = Garena 2010
"HyperCam 2" = HyperCam 2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"L4D2SP" = Left 4 Dead 2 Standalone Patch™
"L4D2SPUC" = Left 4 Dead 2 Standalone Patch™
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PowerISO" = PowerISO
"pywin32-py2.6" = Python 2.6 pywin32-212
"SMAC 2.0" = SMAC 2.0
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TeraCopy_is1" = TeraCopy 2.12
"TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
"TomTom HOME" = TomTom HOME 2.7.6.2056
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/07/2011 06:34:55 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/07/2011 16:46:55 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 26/07/2011 07:07:08 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/07/2011 06:34:05 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/07/2011 06:28:27 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2011 06:22:00 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2011 17:51:39 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/07/2011 06:35:43 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/07/2011 23:04:18 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/07/2011 19:47:08 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 07/07/2010 12:14:28 | Computer Name = Alex-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 03/08/2011 06:34:55 | Computer Name = Alex-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/08/2011 06:35:08 | Computer Name = Alex-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:33:44 on 03/08/2011 was unexpected.

Error - 03/08/2011 06:43:12 | Computer Name = Alex-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/08/2011 06:43:20 | Computer Name = Alex-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/08/2011 06:43:33 | Computer Name = Alex-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:38:08 on 03/08/2011 was unexpected.

Error - 03/08/2011 06:43:48 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2011 06:43:56 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2011 06:43:58 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2011 06:45:08 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 03/08/2011 06:45:08 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

i did the OTL scan, heres the things in the notepad:

OTL:

OTL logfile created on: 03/08/2011 11:51:28 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Alex Liu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 73.55% Memory free
5.72 Gb Paging File | 5.19 Gb Available in Paging File | 90.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.40 Gb Total Space | 199.62 Gb Free Space | 67.35% Space Free | Partition Type: NTFS
Drive D: | 288.34 Gb Total Space | 279.87 Gb Free Space | 97.06% Space Free | Partition Type: NTFS
Drive Z: | 11.43 Gb Total Space | 0.50 Gb Free Space | 4.38% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex Liu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alex Liu\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Alex Liu\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FastUserSwitchingCompatibility) -- C:\Windows\Installer\AMDEx.msi ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdvancedSystemCareService) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe (IObit)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (EagleXNt) -- C:\Windows\System32\drivers\EagleXNt.sys (AhnLab, Inc.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.co.uk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = Search Assistant
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Internet Explorer Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = %s - Crawler.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {1E315374-71A5-471A-B683-4C4ADB5C588B} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:1.2
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.7
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.7896
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.6.5
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60446&qkw="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\ALEXLI~1\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/07/24 09:43:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/16 16:05:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/15 01:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 17:14:57 | 000,000,000 | ---D | M]

[2010/10/06 16:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Extensions
[2010/07/06 19:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/10/06 16:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/08/02 11:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions
[2010/08/14 14:58:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/02 15:13:08 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/07/06 11:53:44 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/07/02 12:47:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/07/21 00:16:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/08 20:14:39 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010/08/14 14:58:37 | 000,000,000 | ---D | M] (Chromifox Extreme) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\cfxe@Triton
[2010/08/14 14:58:54 | 000,000,000 | ---D | M] (Chromifox Companion) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\cfxHelper@Triton
[2010/07/06 19:52:53 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\chromifox@altmusictv.com
[2011/07/02 12:47:44 | 000,000,000 | ---D | M] (Tab Scope) -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\extensions\tabscope@xuldev.org
[2010/12/04 14:33:35 | 000,001,540 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\Mozilla\Firefox\Profiles\j6nhl48u.default\searchplugins\swagbuckscom.xml
[2011/08/02 11:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/23 01:29:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/22 17:14:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/06 23:44:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/13 00:35:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/16 16:05:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/06/22 17:14:54 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2011/06/22 17:14:54 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2011/06/22 17:14:56 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2011/06/07 12:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/06/26 08:47:04 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 08:47:04 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2010/06/26 08:47:04 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2007/07/26 14:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010/06/26 08:47:04 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2010/06/26 08:47:04 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 08:47:04 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2010/06/26 08:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2010/06/26 08:47:04 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\Windows\System32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 111222.cn (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([kan] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([tvguide] http in Trusted sites)
O15 - HKCU\..Trusted Domains: pps.tv ([vodguide] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([notice] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml2] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([xml3] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.net (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstv.com (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstv.net (
[list1] http in Trusted sites)
O15 - HKCU\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{79990606-014d-11e0-ab63-00248c4b7693}\Shell - "" = AutoRun
O33 - MountPoints2\{79990606-014d-11e0-ab63-00248c4b7693}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\{9a487b14-d159-11df-be1d-00248c4b7693}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{d12b056f-72a3-11e0-a691-00248c4b7693}\Shell - "" = AutoRun
O33 - MountPoints2\{d12b056f-72a3-11e0-a691-00248c4b7693}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/03 11:32:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/29 11:56:10 | 000,484,064 | ---- | C] (AhnLab, Inc.) -- C:\Windows\System32\drivers\EagleXNt.sys
[2011/07/28 01:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/07/25 16:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011/07/25 16:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2011/07/24 17:53:25 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\Documents\RSBot
[2011/07/23 01:29:48 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Roaming\Skype
[2011/07/23 01:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/23 01:29:14 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/07/23 01:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/07/15 15:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/07/15 15:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Left 4 Dead 2
[2011/07/14 21:10:50 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\{fd08e1bd-ba42-4c5d-8213-8797fd5f5dc5}
[2011/07/14 21:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/07/14 21:08:36 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Roaming\SystemRequirementsLab
[2011/07/13 18:05:42 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Local\{CFE71322-034E-4A8A-9163-6BF7FF5FA11A}
[2011/07/13 05:53:39 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/13 05:53:37 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/13 05:53:37 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/07/09 13:12:52 | 000,839,680 | ---- | C] (www) -- C:\Windows\System32\LameACM.acm
[2011/07/06 14:22:01 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Local\{78E34C42-C29B-450F-AFAB-9D609C99DBCA}
[2011/07/06 12:17:26 | 000,000,000 | ---D | C] -- C:\Users\Alex Liu\AppData\Local\NVIDIA Corporation
[2011/07/06 12:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA nTune Performance Application
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/03 11:48:00 | 000,612,604 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/03 11:48:00 | 000,109,322 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/03 11:46:56 | 000,459,264 | ---- | M] () -- C:\Users\Alex Liu\Desktop\CKScanner.exe
[2011/08/03 11:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/03 11:35:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 11:35:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/03 11:31:35 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/08/03 11:30:04 | 000,000,129 | ---- | M] () -- C:\Users\Alex Liu\jagex_runescape_preferences2.dat
[2011/08/03 11:26:47 | 000,000,046 | ---- | M] () -- C:\Users\Alex Liu\jagex_runescape_preferences.dat
[2011/08/03 03:08:30 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2011/08/01 22:32:29 | 000,484,064 | ---- | M] (AhnLab, Inc.) -- C:\Windows\System32\drivers\EagleXNt.sys
[2011/07/30 11:35:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/28 19:48:20 | 000,000,010 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy Login.ini
[2011/07/25 16:16:41 | 000,000,088 | ---- | M] () -- C:\Users\Alex Liu\Documents\www.ahk
[2011/07/25 16:14:15 | 000,000,187 | ---- | M] () -- C:\Users\Alex Liu\Documents\sss.ahk
[2011/07/25 16:13:43 | 000,001,351 | ---- | M] () -- C:\Users\Alex Liu\Documents\AutoHotkey.ahk
[2011/07/25 13:23:41 | 000,000,090 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy_poolwizard.ini
[2011/07/25 01:33:04 | 000,012,800 | ---- | M] () -- C:\Users\Alex Liu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/24 18:34:16 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/24 17:54:10 | 000,000,034 | ---- | M] () -- C:\Users\Alex Liu\AppData\Roaming\RSBot_Accounts.ini
[2011/07/23 16:50:28 | 327,961,402 | ---- | M] () -- C:\Users\Alex Liu\Documents\clip0002.avi
[2011/07/23 16:48:48 | 321,242,210 | ---- | M] () -- C:\Users\Alex Liu\Documents\clip0001.avi
[2011/07/16 16:15:04 | 000,001,799 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/16 16:15:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/07/14 19:59:46 | 000,420,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/12 18:53:45 | 000,000,774 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/09 13:13:22 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\CAE Report Generator.lnk
[2011/07/09 13:12:58 | 000,067,863 | ---- | M] () -- C:\Windows\System32\x264vfw-uninstall.exe
[2011/07/08 17:00:06 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/07/04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/07/04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/07/04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/07/04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/07/04 12:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/07/04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 11:46:56 | 000,459,264 | ---- | C] () -- C:\Users\Alex Liu\Desktop\CKScanner.exe
[2011/08/03 11:32:07 | 000,001,778 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/28 19:48:20 | 000,000,010 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy Login.ini
[2011/07/25 16:16:41 | 000,000,088 | ---- | C] () -- C:\Users\Alex Liu\Documents\www.ahk
[2011/07/25 16:14:15 | 000,000,187 | ---- | C] () -- C:\Users\Alex Liu\Documents\sss.ahk
[2011/07/25 16:13:43 | 000,001,351 | ---- | C] () -- C:\Users\Alex Liu\Documents\AutoHotkey.ahk
[2011/07/25 13:23:41 | 000,000,090 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\RSBuddy_poolwizard.ini
[2011/07/24 17:54:02 | 000,000,034 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\RSBot_Accounts.ini
[2011/07/23 16:49:13 | 327,961,402 | ---- | C] () -- C:\Users\Alex Liu\Documents\clip0002.avi
[2011/07/23 16:47:30 | 321,242,210 | ---- | C] () -- C:\Users\Alex Liu\Documents\clip0001.avi
[2011/07/23 01:29:21 | 000,002,337 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/07/16 16:15:04 | 000,001,799 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/12 18:53:45 | 000,000,774 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/09 13:12:52 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2011/05/07 23:45:38 | 000,046,658 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\room.dat
[2011/05/07 17:58:05 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/04/10 16:06:14 | 000,012,800 | ---- | C] () -- C:\Users\Alex Liu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 21:30:29 | 000,009,784 | -HS- | C] () -- C:\Users\Alex Liu\AppData\Local\5tp0jtoe6u6hrfanp5a74iam6f2067y4l
[2011/04/09 21:30:29 | 000,009,784 | -HS- | C] () -- C:\ProgramData\5tp0jtoe6u6hrfanp5a74iam6f2067y4l
[2011/04/09 21:30:09 | 000,004,152 | ---- | C] () -- C:\Users\Alex Liu\AppData\Roaming\BFB0.551
[2011/02/26 00:57:00 | 000,000,019 | ---- | C] () -- C:\Windows\powerlist.ini
[2011/02/23 16:43:47 | 000,000,306 | ---- | C] () -- C:\Windows\powerplayer.ini
[2011/02/23 16:43:47 | 000,000,116 | ---- | C] () -- C:\Windows\psnetwork.ini
[2011/02/02 17:41:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/30 17:58:02 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011/01/07 18:33:55 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/07 18:33:55 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/01/07 18:33:49 | 000,067,863 | ---- | C] () -- C:\Windows\System32\x264vfw-uninstall.exe
[2010/09/11 16:29:54 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010/08/17 22:21:02 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2010/08/17 22:21:02 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/08/17 22:20:52 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/08/03 23:38:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/03 23:37:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/07/14 07:55:38 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/07/06 19:50:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/06 19:46:13 | 000,000,680 | ---- | C] () -- C:\Users\Alex Liu\AppData\Local\d3d9caps.dat
[2010/07/06 19:42:45 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010/02/17 07:44:36 | 000,014,848 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2010/02/17 07:44:32 | 000,073,728 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 07:35:54 | 002,378,752 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/03/17 12:05:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/17 05:00:23 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2009/03/17 04:26:26 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009/03/17 04:26:26 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,420,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,612,604 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,322 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/09/06 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\CAE_Report_Generator
[2011/01/30 17:23:25 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\Canon
[2011/07/16 19:28:37 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\EpicBot
[2011/05/28 12:33:39 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\GameRanger
[2011/04/26 09:18:28 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\ijjigame
[2011/07/28 01:59:52 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\IObit
[2010/10/28 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\Leadertech
[2011/01/30 20:07:41 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\muvee Technologies
[2011/04/07 22:49:20 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\PPLive
[2011/04/07 23:21:50 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\PPStream
[2011/02/15 23:44:27 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\RoboForm
[2011/03/23 17:28:51 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\Spyware Terminator
[2011/07/17 00:58:48 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\SystemRequirementsLab
[2011/08/03 11:48:02 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\TeraCopy
[2010/10/06 16:23:56 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\TomTom
[2011/06/17 07:39:56 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\uTorrent
[2010/07/07 17:19:26 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\WinBatch
[2011/05/21 16:16:22 | 000,000,000 | ---D | M] -- C:\Users\Alex Liu\AppData\Roaming\WinFF
[2011/08/03 03:08:30 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\AWC Update.job
[2011/07/08 17:00:06 | 000,000,296 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job
[2011/05/12 15:55:41 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/08/03 03:17:24 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Extras:


OTL Extras logfile created on: 03/08/2011 11:51:28 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Alex Liu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 73.55% Memory free
5.72 Gb Paging File | 5.19 Gb Available in Paging File | 90.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296.40 Gb Total Space | 199.62 Gb Free Space | 67.35% Space Free | Partition Type: NTFS
Drive D: | 288.34 Gb Total Space | 279.87 Gb Free Space | 97.06% Space Free | Partition Type: NTFS
Drive Z: | 11.43 Gb Total Space | 0.50 Gb Free Space | 4.38% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Alex Liu | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03ECB1E6-C7DA-4EB4-AB0E-EDB27450A405}" = lport=45682 | protocol=6 | dir=in | name=utorrent fast dl speed 456 |
"{04298C5D-585D-4FE2-A264-2D77D4B46F22}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0B082FA7-2271-4785-959F-931F0388167C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{0EF2EC94-0C3A-4A3E-B1F8-C2B8665FB0A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{0FBD4740-D5BB-4E84-83BA-F691FD500653}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{152AAA7B-7431-4D3A-85DB-BFE9143E5C8F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{1B30FA79-AF97-4D5A-8851-E68853318EDA}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E7BAA91-9539-4B43-916A-590CD5B63172}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{2395BF87-C69B-4858-ADE5-985A68905AE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2813E387-298F-4F47-9487-2ABA69157035}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2AFF6F63-8DB2-43AA-AC51-52582D0B4987}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{33652882-7158-4328-9FDA-B5997C2E38B0}" = rport=137 | protocol=17 | dir=out | app=system |
"{3E601F71-A1B4-4CB5-A14E-F9C800BEE803}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{40A33D9C-5BB7-4EAB-B350-DC4113771B70}" = lport=138 | protocol=17 | dir=in | app=system |
"{40F4F03F-0F55-468A-B94F-530DBBA9ADAB}" = lport=45682 | protocol=17 | dir=in | name=utorrent fast dl speed 456 |
"{4B10A00C-4926-4063-9A12-7409373F2D10}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4B6D1421-1B3D-4476-A1F9-70A4C1324724}" = lport=138 | protocol=17 | dir=in | app=system |
"{4CC0CEAF-7EB8-472E-A397-470BBF848C2A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{581D0942-321F-49EF-8A89-34F6253303BD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{5D5B3500-0249-4190-B1CE-598AFAEECD6C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{63CB72B4-3CDC-4CCF-A47A-F59CB7A93A76}" = lport=5358 | protocol=6 | dir=in | app=system |
"{78847704-3D25-4EEA-AD83-3AFB47B0CC35}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{87B295AD-A84D-4618-B165-56C53304506D}" = lport=139 | protocol=6 | dir=in | app=system |
"{89F51377-DCAA-4E32-AD5A-443C8B56193E}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A59BDC5-9C39-4B2F-AC17-E655B5979B98}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97791781-45C4-4DDE-BA81-CF87B68197A4}" = rport=5358 | protocol=6 | dir=out | app=system |
"{A5EA6027-6DEC-4FC1-98EF-8839D4E7ED15}" = lport=5357 | protocol=6 | dir=in | app=system |
"{B543BF3A-F1B1-406C-A535-48CEE6D24331}" = rport=139 | protocol=6 | dir=out | app=system |
"{C9615D0F-FBEF-47D9-BCCE-C88BCFDD8AB1}" = lport=137 | protocol=17 | dir=in | app=system |
"{CC289D70-D000-4EB0-8B16-2CF11BBBB313}" = rport=137 | protocol=17 | dir=out | app=system |
"{DEED6D8A-F8F4-41F8-8EAE-58AEFF5F301F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E97E3D94-AA54-4C06-ABDA-C75F10146DCB}" = rport=138 | protocol=17 | dir=out | app=system |
"{EA8A4483-FB78-49B1-83BA-26223EDC509F}" = rport=445 | protocol=6 | dir=out | app=system |
"{F29E5B14-759D-4BF2-BD72-5F05B616E2F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{FD32F624-0DFE-4A6E-AFF7-F01B1C59B1BA}" = rport=5357 | protocol=6 | dir=out | app=system |
"{FE1DA784-6121-4188-B275-6E891228F926}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F79167-3E36-46A6-80DF-7209C62C9525}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{0A7C3FBC-23F3-4039-8CF6-7E5205FCC39D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{0C278299-1876-4A05-9069-C9891C641616}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{16BA9FE1-7C73-4B13-909D-DBDB39B04163}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{16C11291-0F2E-44EF-98B3-20AB0B555B84}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{17F90C47-71FE-405C-9E67-7988610C03A4}" = protocol=6 | dir=out | app=system |
"{2E8C56D5-3DC2-4CFC-AF51-243B438FAEC3}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{37489F24-A5D6-45CE-B9D6-A61BD79133BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{3910B69C-F5FF-4F8E-A9F0-2A9397E1131B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3CC2EB98-306F-4257-A597-37506E2BB08B}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{3D87B443-A08A-4654-8A5B-4DD12AC12D76}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{3E5C907C-D1F3-4405-8703-EC053784F8BB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{45DA34FE-1A13-49C2-93E2-A512EBDD3C40}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\combatarms.exe |
"{48C57F4F-D89B-4AEF-96CE-C273F112167C}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{5004926E-EDC6-4E62-AAFD-C636C53B7068}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{5171AD13-933E-43DA-B9B0-A3A62A904063}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{56630BA3-67BB-46D8-AC5B-4561C1AF41F7}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{57C92EAF-4FAC-472E-B26E-66F2CF593478}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{58CCABCE-2FE5-435D-82FB-1EB07B80BD4E}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{5AB11638-F5E4-4F25-ADCF-ED974E9BF141}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6835DE15-E11F-4C9D-8090-BC5277960673}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{69BB76D1-D6BE-4E48-9EA6-BD0405C14D71}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{6D5075E4-AE85-48D3-BB8B-5812B7A355E7}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{746C3747-CC26-4CF2-A6F8-7A338F8CBCE2}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{81C26EFB-6950-443D-8E88-A303F70C79A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8B0B2E06-19F0-4085-9F79-2CBBC905086D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{934E08E6-A6D4-4463-9683-309EA1A5516C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{94F46DAF-507A-4087-916A-C40433F0E939}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{97071492-EA9C-4720-AB9E-2C6BE7E98E19}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{97279D71-4916-45D0-9A65-5EAF92CBA268}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{A0298182-8882-4BDA-9BB2-1885A4E3C7EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AA27A728-C7DC-406B-BA41-675425ED2E46}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{AB7331E6-5A3B-430A-9B7D-47E91B920144}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C80441E1-A0D6-4E57-A0E6-263C69F7C1B8}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{D38C23DF-009E-41C0-A4A8-D4EE2A391FAF}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe |
"{D7BE8FBC-3120-4C28-B647-3C7098115924}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{DACBDC6D-9D52-48D7-B14E-F5914BFEB359}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{DF476873-C749-4A46-A91A-7BD7E91D6A6F}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{DF5E623B-127C-4621-B88C-A20F56806045}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E846130B-2692-46CE-BA31-089C636FF7A3}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\combatarms.exe |
"{F7773322-7CAE-41ED-BC87-EC50313E912F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F9E91079-6C0E-4054-BEB7-A7CFD9851DEA}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{FAAFA4F8-A9BB-4D11-BC34-F87320F5B3B3}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"TCP Query User{05133DF5-596F-4E2C-9D7E-84D9AE5BA8C9}C:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"TCP Query User{0F994954-C87E-4152-9E73-17F7D85CA8F5}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"TCP Query User{1BF59AAE-F611-4133-98D3-674F017024AF}C:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe |
"TCP Query User{1E60B82A-111A-44C2-A4EC-3AFAAD64D833}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{36CA3F61-4BF8-45FE-B604-29311EEBC53C}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{58D19E61-E121-4123-A50C-272070BF9888}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{5EE7CF08-A869-4203-83B3-5203B475CC2D}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{673BE8B2-FB0E-4322-A7F8-A1B042A30E37}C:\program files\windows media player\wmplayer.exe" = protocol=6 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"TCP Query User{7512CED8-C77A-4528-B6DF-A1994A5CB9C9}C:\program files\jghdtv\kernel\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\kernel\pplive\pplive.exe |
"TCP Query User{8437E410-27A6-47DD-8C6A-6F7DF91F0D4E}C:\program files\jghdtv\jghdtv.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\jghdtv.exe |
"TCP Query User{893A8BB8-63A3-4A72-BD2E-5AB72C50E2F2}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{93134232-F9EA-4342-AC1A-31FD2762693C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{94DAB03C-4E46-4B9A-AB2F-609BCE5D38E1}C:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{9F0EC9CA-D3CB-41FE-AD5E-EE59E4C8EEE4}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{A2C18269-8655-4753-8B7F-10947A9295AD}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{BC291EA5-51B9-4FBA-B87F-4BDB01798839}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C044AC80-0D85-45B1-8E24-833B7FC6B4D9}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{C332089F-1FD5-41BB-AEE1-17531A6809F0}C:\program files\jghdtv\kernel\pipi\jfcachemgr.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\kernel\pipi\jfcachemgr.exe |
"TCP Query User{C89280C3-661E-4C28-87B7-AA6E57FFB775}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{CDA088A1-1B8C-4C43-8C2B-6808BCC43FB3}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"TCP Query User{D9749E52-CB36-47F2-BD23-360AEB4AC359}C:\program files\reactor\reactor.exe" = protocol=6 | dir=in | app=c:\program files\reactor\reactor.exe |
"TCP Query User{DB6CE6BC-BC0E-4E71-959F-F9FFB07368B7}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{ECD6D185-DFBE-4047-9713-0DEF2ADA36E8}C:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe |
"TCP Query User{FCBB4E58-4241-4785-BA11-90210E5E0FCD}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe |
"UDP Query User{045E3184-2734-4CEB-ABD6-E650B5A91365}C:\program files\activision\call of duty - black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackopsmp.exe |
"UDP Query User{08F50852-2BEE-4EEC-BD91-E4A022415C8A}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{0B019FF1-F2DB-4046-BB8E-82EEFD1A1232}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{0D4A38FA-3505-47FE-8527-3C394321DB62}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{0E620060-F80A-452B-8BD0-BD363BFEBB47}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{1BFD4A5B-3EFD-4CAF-8B61-0F898168F128}C:\program files\jghdtv\jghdtv.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\jghdtv.exe |
"UDP Query User{1C5D25A8-AF03-4B6C-A8EE-8F3752CDD78C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{231EB901-0807-4F96-AB65-EFB310F75356}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"UDP Query User{30788178-04A6-434C-98ED-E378DAE34A1F}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{3C663AAF-892C-4F4F-A616-400BE9AB5EF7}C:\program files\reactor\reactor.exe" = protocol=17 | dir=in | app=c:\program files\reactor\reactor.exe |
"UDP Query User{448C9354-7F61-49C5-8B3E-5B67E600D8E7}C:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\alex liu\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{58F8F5CB-16FC-4BDA-AB0D-28520996D5A3}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{6956E085-C7BD-4287-A242-E45E860B9452}C:\program files\windows media player\wmplayer.exe" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"UDP Query User{7540BBCA-06E5-429B-A4C6-271990DCA17D}C:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\kernel\sopcast\adv\sopadver.exe |
"UDP Query User{7E937F8E-8106-420A-A639-88AAA941E9A9}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{8315B340-95FE-4C2B-8A2F-798FCD37B56C}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{A89E8455-4658-4C01-8BF7-A1587126376D}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe |
"UDP Query User{AB25E870-975C-47A2-BE04-17AAB389CE35}C:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\alex liu\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"UDP Query User{ABDDA524-337D-48A7-90DB-3EB965D44AEA}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{AEBC5A20-B3CE-472B-9B15-5B7A3F69ED35}C:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\alex liu\desktop\left 4 dead 2\left4dead2.exe |
"UDP Query User{C78C8FD6-A30C-48CF-AA21-A388472EFABC}C:\program files\jghdtv\kernel\pipi\jfcachemgr.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\kernel\pipi\jfcachemgr.exe |
"UDP Query User{D4A255B5-C99F-4FC4-A572-F7B9216BC2E1}C:\program files\jghdtv\kernel\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files\jghdtv\kernel\pplive\pplive.exe |
"UDP Query User{DED19C27-1B47-4F4C-B78A-99428C53CA3F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E656F94B-FAEB-4B30-8BFD-0BC29352D30D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42AF51C0-4028-46CF-B616-FB1F75286457}" = A.V.A
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7A181D43-86AE-4362-91BF-5C01A19653D7}_is1" = MiniTool Partition Wizard Professional Edition 6.0
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF3D8718-EF21-4408-AE38-A6DA98E1E2B6}" = LightScribe System Software 1.14.32.1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D722CF4B-4B06-BF11-FDEA-BD1B319FEA57}" = muvee Reveal
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7849D41-0A46-457D-827D-00FF47AF2D85}_is1" = CAE Report Generator v1.092
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"¼«¹â¸ßÇåµçÓ°µçÊÓ JGHDTV 2009" = ¼«¹â¸ßÇåµçÓ°µçÊÓ JGHDTV 2009 v1.0.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"AutoHotkey" = AutoHotkey 1.1.00.01
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CCleaner" = CCleaner
"Combat Arms EU" = Combat Arms EU
"Defraggler" = Defraggler
"Duke Nukem Forever_is1" = Duke Nukem Forever
"EpicBot" = EpicBot
"Fraps" = Fraps (remove only)
"Garena" = Garena 2010
"HyperCam 2" = HyperCam 2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"L4D2SP" = Left 4 Dead 2 Standalone Patch™
"L4D2SPUC" = Left 4 Dead 2 Standalone Patch™
"LameACM" = Lame ACM MP3 Codec
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PowerISO" = PowerISO
"pywin32-py2.6" = Python 2.6 pywin32-212
"SMAC 2.0" = SMAC 2.0
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"TeraCopy_is1" = TeraCopy 2.12
"TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
"TomTom HOME" = TomTom HOME 2.7.6.2056
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/07/2011 06:34:55 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/07/2011 16:46:55 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 26/07/2011 07:07:08 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/07/2011 06:34:05 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/07/2011 06:28:27 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2011 06:22:00 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2011 17:51:39 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/07/2011 06:35:43 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/07/2011 23:04:18 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/07/2011 19:47:08 | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 07/07/2010 12:14:28 | Computer Name = Alex-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 03/08/2011 06:34:55 | Computer Name = Alex-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/08/2011 06:35:08 | Computer Name = Alex-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:33:44 on 03/08/2011 was unexpected.

Error - 03/08/2011 06:43:12 | Computer Name = Alex-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/08/2011 06:43:20 | Computer Name = Alex-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 03/08/2011 06:43:33 | Computer Name = Alex-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:38:08 on 03/08/2011 was unexpected.

Error - 03/08/2011 06:43:48 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2011 06:43:56 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2011 06:43:58 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2011 06:45:08 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 03/08/2011 06:45:08 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

ok i'll get to it