Solved IE, Firefox, WMP crashing

Discussion in 'Windows Vista and Windows 7' started by Shangrila, Aug 30, 2009.


  1. Shangrila Bronze Member

    Something is wrong with my computer. Everything was working fine as far as I could tell until yesterday when I played some Supreme Commander and the game crashed at the end of a campaign. Afterwards, I noticed that IE was behaving oddly. Sometimes, new windows or tabs would just refuse to connect to the internet even though other tabs and windows work fine. I decided to restart, which is when I noticed a whole range of problems.



    I have Vista 64 Ultimate

    The following software now refuses to start, crashing immediately.
    Internet Explorer
    Firefox
    Windows Media Player
    Nero 8
    uTorrent
    and Veohwebplayer just doesn't seem to start at all.

    Oddly enough, IE 64 bit works fine, as does the copy of WMP installed in program files rather than program files (x86). 64 bit WMP? Zoomplayer, Microsoft Office also work fine. Ironically, Supreme Commander and all my other games also work fine.

    When the things crash, the "program has stopped working, windows checking for a solution" thing pops up, resulting shortly in WerFault.exe-Application Error, "The exception unknown software exception (0xc0000005) occurred in the application at location 0x4b021750"

    This has got me completely stumped. Since I still can do pretty much everything I did before with 64-bit IE and the apparently 64 bit WMP, I'm leaving things alone until someone can help me figure out what the heck is going on. Using a Restore point from 2 days ago did nothing.
  2. l95521 Silver Member

    shangrila... be sure you remove all your p2p software... so they can help you... you must remove it first... L
  3. Shangrila Bronze Member

    Hmm, are they considered illegal or something? But fine, uTorrent's removed. At least it doesn't show up in add/remove programs anymore, though when I uninstalled, the same error popped up "TCP IP Ping has stopped working" then the same error message as the others.
  5. l95521 Silver Member

    shangrila... yes it is one of their rules... they won't help you if you don't... and if you can't remove it they will help you... they want honest and hard working people... they have the best staff here to help you... you are in the right place... good luck... L
  6. driver_ian PCHF SMR Graduate.

    Hi Shangrila and a warm welcome to the forum,
    l95521 is right to request that you remove your file sharing software as it is against forum rules to assist with anything that has illegal undertones.
    I think that you may have a Malware infection and would therefore like you to do the Prework (follow the link in my signature line), once you post the resulting logs back here in this thread we can have our excellent security team check them and advise you of your next course of action.

    Thank you for your patience
  7. Shangrila Bronze Member

    Okay, I've followed the steps of the Prework.

    The Hijackthis log is here:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:02:56 PM, on 8/30/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Security\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Security\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 8239 bytes

    The Malwarebytes log is here:

    Malwarebytes' Anti-Malware 1.40
    Database version: 2551
    Windows 6.0.6002 Service Pack 2
    8/30/2009 11:48:42 PM
    mbam-log-2009-08-30 (23-48-38).txt
    Scan type: Full Scan (C:\|E:\|)
    Objects scanned: 624468
    Time elapsed: 1 hour(s), 35 minute(s), 56 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 6
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    E:\Games\Crusader\Copy (2) of Crusaders.exe (Rogue.Crusader) -> No action taken.
    E:\Games\Crusader\Copy of Crusaders.exe (Rogue.Crusader) -> No action taken.
    E:\Games\Crusader\Crusaders.exe (Rogue.Crusader) -> No action taken.
    E:\Games\Crusader\Crusaders.exe.old (Rogue.Crusader) -> No action taken.
    E:\Games\Crusader\workingCrusaders.exe (Rogue.Crusader) -> No action taken.
    C:\install.exe (Trojan.Agent) -> No action taken.

    In addition, the same crashing problem pops up when I try to update Malwarebytes, shutting the program down with it, meaning that I ran the scan with the 8/3 database instead of whichever one is most recent. The same also happens when I click remove after the scan completed. Doing some experimentation, it appears that attempting to update my Avast! anti-virus results in the same, though unlike Malware Bytes, it only shuts down the update attempt, not the whole program. It does appear as if I've been infected, though I'm clueless as to how, since I was playing Supreme Commander when it apparently happened.
  8. Pancake Security Team

    I assume you have removed the malware that MBAM listed. The problem is that there is very little malware removal software that is compatible with Vista (X86).


    Download OTL to your desktop: http://oldtimer.geekstogo.com/OTL.exe
    Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    When the window appears, underneath Output at the top change it to Minimal Output.
    Check the boxes beside LOP Check and Purity Check.
    Under Custom Scan copy and paste the red text from the code box.
    Code:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\System32\antiwpa.dll
    %systemroot%\SYSTEM32\wpa.dll
    %systemroot%\setup\scripts\biestart.exe
    %systemroot%\system32\drivers\royal.sys
    %systemroot%\system32\oobe\AntiWPA_Crypt.dll
    %TEMP%\antiwpa_crypt.dll
    %TEMP%\antiwpa.dll /s
    %PROGRAMFILES%\antiwpa.dll /s
    %systemroot%\system32\crypt.dll
    %TEMP%\crypt.dll
    %SYSTEMDRIVE%\*.
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    
    Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    Please copy the contents of these files and post them with your next reply. If the text is too big, zip it up or post it in two or three parts.
  9. Shangrila Bronze Member

    I have not yet removed the malware listed by Malwarebytes because attempting to do so causes the program to crash just like my other programs. As I mentioned, MalwareBytes works, but attempting to either update it, or remove the Malware it lists causes the program to crash same as IE or Firefox when attempting to open them.

    Should I attempt to do it by hand? Or might entering Safe Mode or some other such method and trying again work?

    Second, I have Vista 64, not Vista x86. Does this make any difference to your directions?

    Sorry if some of these questions seem obtuse, but since this problem is not causing me much immediate trouble, I'm trying to play it as safe as possible rather than risk doing any damage.
  10. Pancake Security Team

    Ok. Remove them by hand and then carry on with the rest of the fix. It's fine to do any of this in safe mode....
  11. Shangrila Bronze Member

    Malwarebytes was able to remove the listed malware in safe mode, but problem is not fixed after reboot.

    OTL.txt is here:

    OTL logfile created on: 9/1/2009 10:46:51 AM - Run 1
    OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\**********\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18813)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.51 Gb Total Space | 691.65 Gb Free Space | 74.25% Space Free | Partition Type: NTFS
    Drive D: | 3.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 149.05 Gb Total Space | 28.04 Gb Free Space | 18.81% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: XIAOLECHEN-PC
    Current User Name: **********
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
    PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
    PRC - C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Users\**********\Desktop\OTL.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (AppMgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV:64bit: - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV:64bit: - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV:64bit: - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV:64bit: - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV:64bit: - (CscService [Auto | Running]) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
    SRV:64bit: - (Fax [On_Demand | Stopped]) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation)
    SRV:64bit: - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
    SRV:64bit: - (wbengine [On_Demand | Stopped]) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SRV:64bit: - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
    SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
    SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
    SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (KeyIso [On_Demand | Stopped]) -- C:\Windows\SysWow64\keyiso.dll (Microsoft Corporation)
    SRV - (LightScribeService [Auto | Running]) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
    SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 09:34:14 | 00,000,000 | ---D | M]
    SRV - (Nero BackItUp Scheduler 3 [Auto | Running]) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
    SRV - (Netlogon [On_Demand | Stopped]) -- C:\Windows\SysWow64\netlogon.dll (Microsoft Corporation)
    SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (PLFlash DeviceIoControl Service [Auto | Running]) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
    SRV - (Stereo Service [Auto | Running]) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
    SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (Amfilter [System | Running]) -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys ((Standard mouse types))
    DRV:64bit: - (Amusbprt [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys (A4Tech Co.,Ltd.)
    DRV:64bit: - (aswFsBlk [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys (ALWIL Software)
    DRV:64bit: - (aswMonFlt [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys (ALWIL Software)
    DRV:64bit: - (aswRdr [System | Running]) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
    DRV:64bit: - (aswSP [System | Running]) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
    DRV:64bit: - (aswTdi [System | Running]) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
    DRV:64bit: - (CSC [System | Running]) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
    DRV:64bit: - (fvevol [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation)
    DRV:64bit: - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
    DRV:64bit: - (JRAID [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
    DRV:64bit: - (KMWDFILTER [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
    DRV:64bit: - (sptd [Boot | Running]) -- C:\Windows\SysNative\Drivers\sptd.sys ()
    DRV:64bit: - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV - (CSC [System | Running]) -- C:\Windows\CSC [2009/01/10 15:07:48 | 00,000,000 | ---D | M]
    DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
    DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C 85 04 5F BA 25 CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/16 19:41:15 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/08/04 13:59:51 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/08/04 13:59:51 | 00,000,000 | ---D | M]

    [2009/01/10 15:58:09 | 00,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\mozilla\Extensions
    [2009/01/10 15:58:09 | 00,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/08/26 01:24:21 | 00,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\si21cvoq.default\extensions
    [2009/07/16 22:39:25 | 00,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\si21cvoq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/07/16 21:31:01 | 00,002,399 | ---- | M] () -- C:\Users\**********\AppData\Roaming\Mozilla\FireFox\Profiles\si21cvoq.default\searchplugins\daemon-search.xml
    [2009/08/30 11:15:20 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
    [2009/08/04 13:59:51 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/08/04 13:59:50 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
    [2009/08/04 13:59:50 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
    [2009/08/04 13:59:51 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
    [2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL
    [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
    [2009/07/16 22:38:16 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
    [2009/07/16 22:38:16 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
    [2009/07/16 22:38:16 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
    [2009/07/16 22:38:16 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
    [2009/07/16 22:38:16 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
    [2009/07/16 22:38:16 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
    [2009/07/16 22:38:16 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll File not found
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
    O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{2be8edfd-7271-11de-8b92-002185fc9263}\Shell - "" = AutoRun
    O33 - MountPoints2\{2be8edfd-7271-11de-8b92-002185fc9263}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
    O33 - MountPoints2\{77d2aed7-6650-11de-99ec-002185fc9263}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
    O33 - MountPoints2\{c687468a-df49-11dd-b668-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{c687468a-df49-11dd-b668-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SH-S223Q.exe -- File not found
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found

    NetSvcs:64bit: FastUserSwitchingCompatibility - Service key not found. File not found
    NetSvcs:64bit: Ias - Service key not found. File not found
    NetSvcs:64bit: Irmon - Service key not found. File not found
    NetSvcs:64bit: Nla - Service key not found. File not found
    NetSvcs:64bit: Ntmssvc - Service key not found. File not found
    NetSvcs:64bit: NWCWorkstation - Service key not found. File not found
    NetSvcs:64bit: Nwsapagent - Service key not found. File not found
    NetSvcs:64bit: SRService - Service key not found. File not found
    NetSvcs:64bit: Wmi - Service key not found. File not found
    NetSvcs:64bit: WmdmPmSp - Service key not found. File not found
    NetSvcs:64bit: LogonHours - Service key not found. File not found
    NetSvcs:64bit: PCAudit - Service key not found. File not found
    NetSvcs:64bit: helpsvc - Service key not found. File not found
    NetSvcs:64bit: uploadmgr - Service key not found. File not found
    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
    NetSvcs: Ias - Service key not found. File not found
    NetSvcs: Irmon - Service key not found. File not found
    NetSvcs: Nla - Service key not found. File not found
    NetSvcs: Ntmssvc - Service key not found. File not found
    NetSvcs: NWCWorkstation - Service key not found. File not found
    NetSvcs: Nwsapagent - Service key not found. File not found
    NetSvcs: SRService - Service key not found. File not found
    NetSvcs: Wmi - Service key not found. File not found
    NetSvcs: WmdmPmSp - Service key not found. File not found
    NetSvcs: LogonHours - Service key not found. File not found
    NetSvcs: PCAudit - Service key not found. File not found
    NetSvcs: helpsvc - Service key not found. File not found
    NetSvcs: uploadmgr - Service key not found. File not found


    SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: KeyIso - C:\Windows\SysWow64\keyiso.dll (Microsoft Corporation)
    SafeBootMin: Netlogon - C:\Windows\SysWow64\netlogon.dll (Microsoft Corporation)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: VDS - C:\Windows\SysWow64\Wbem\vds.mof ()
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SafeBootNet:64bit: Base - Driver Group
    SafeBootNet:64bit: Boot Bus Extender - Driver Group
    SafeBootNet:64bit: Boot file system - Driver Group
    SafeBootNet:64bit: File system - Driver Group
    SafeBootNet:64bit: Filter - Driver Group
    SafeBootNet:64bit: HelpSvc - Service
    SafeBootNet:64bit: Messenger - Service
    SafeBootNet:64bit: NDIS Wrapper - Driver Group
    SafeBootNet:64bit: NetBIOSGroup - Driver Group
    SafeBootNet:64bit: NetDDEGroup - Driver Group
    SafeBootNet:64bit: Network - Driver Group
    SafeBootNet:64bit: NetworkProvider - Driver Group
    SafeBootNet:64bit: PCI Configuration - Driver Group
    SafeBootNet:64bit: PNP Filter - Driver Group
    SafeBootNet:64bit: PNP_TDI - Driver Group
    SafeBootNet:64bit: Primary disk - Driver Group
    SafeBootNet:64bit: rdsessmgr - Service
    SafeBootNet:64bit: sacsvr - Service
    SafeBootNet:64bit: SCSI Class - Driver Group
    SafeBootNet:64bit: Streams Drivers - Driver Group
    SafeBootNet:64bit: System Bus Extender - Driver Group
    SafeBootNet:64bit: TDI - Driver Group
    SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SafeBootNet:64bit: WudfPf - Driver
    SafeBootNet:64bit: WudfUsbccidDriver - Driver
    SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: KeyIso - C:\Windows\SysWow64\keyiso.dll (Microsoft Corporation)
    SafeBootNet: Messenger - Service
    SafeBootNet: MPSDrv - C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Netlogon - C:\Windows\SysWow64\netlogon.dll (Microsoft Corporation)
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: Tcpip - C:\Windows\SysWow64\Wbem\tcpip.mof ()
    SafeBootNet: TDI - Driver Group
    SafeBootNet: VDS - C:\Windows\SysWow64\Wbem\vds.mof ()
    SafeBootNet: WudfPf - Driver
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
  12. Shangrila Bronze Member

    Continued OTL.txt:

    ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
    ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
    ActiveX: {23A20C3C-2ADD-4A80-AFB4-C146F8847D79} - .NET Framework
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
    Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
    Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/09/01 10:39:47 | 21,371,20767 | -HS- | C] () -- C:\hiberfil.sys
    [2009/09/01 02:38:27 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe
    [2009/08/30 22:02:40 | 00,001,573 | ---- | C] () -- C:\Users\**********\Desktop\HijackThis.lnk
    [2009/08/30 20:02:39 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\**********\Desktop\HijackThisInstaller.exe
    [2009/08/30 19:53:24 | 00,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Malwarebytes
    [2009/08/30 19:53:23 | 00,000,709 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/08/30 19:53:21 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2009/08/30 19:53:20 | 00,022,040 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2009/08/30 19:53:20 | 00,000,000 | ---D | C] -- C:\Security
    [2009/08/30 19:53:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2009/08/30 19:52:26 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\**********\Desktop\mbam-setup.exe
    [2009/08/30 12:44:51 | 03,171,456 | ---- | C] (Uniblue Systems Ltd. ) -- C:\Users\**********\Desktop\DriverScanner.exe
    [2009/08/30 12:13:14 | 00,192,603 | ---- | C] () -- C:\Users\**********\Desktop\16286-utorrent.c9a6.dmp
    [2009/08/30 12:12:26 | 00,197,976 | ---- | C] () -- C:\Users\**********\Desktop\16286-utorrent.3823.dmp
    [2009/08/30 12:12:21 | 00,288,560 | ---- | C] (BitTorrent, Inc.) -- C:\Users\**********\Desktop\utorrent.exe
    [2009/08/30 11:45:47 | 00,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Microsoft Games
    [2009/08/30 11:32:45 | 00,000,000 | R--D | C] -- C:\Users\**********\Documents\Notes
    [2009/08/30 02:25:45 | 00,000,000 | R--D | C] -- C:\Users\**********\Desktop\Tylersburg
    [2009/08/30 02:13:36 | 02,513,432 | ---- | C] (Intel® Corporation) -- C:\Users\**********\Desktop\infinst_autol.exe
    [2009/08/30 01:12:50 | 00,000,000 | ---D | C] -- C:\ProgramData\LightScribe
    [2009/08/27 13:56:03 | 00,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Gas Powered Games
    [2009/08/27 11:31:19 | 00,000,000 | ---D | C] -- C:\temp
    [2009/08/27 11:31:13 | 00,001,875 | ---- | C] () -- C:\Users\Public\Desktop\Supreme Commander.lnk
    [2009/08/27 11:30:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
    [2009/08/27 11:17:40 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
    [2009/08/26 19:52:07 | 05,603,328 | ---- | C] (Gas Powered Games) -- C:\Users\**********\Desktop\supcom_fa_patch_1.5.3598_to_1.5.3599.exe
    [2009/08/26 19:51:23 | 05,615,616 | ---- | C] (Gas Powered Games) -- C:\Users\**********\Desktop\supcom_fa_patch_1.5.3596_to_1.5.3598.exe
    [2009/08/25 15:10:22 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzres.dll
    [2009/08/25 15:10:22 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll
    [2009/08/25 14:39:10 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
    [2009/08/25 14:39:10 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
    [2009/08/25 14:39:10 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
    [2009/08/25 14:39:10 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
    [2009/08/18 01:19:08 | 01,199,104 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/08/12 02:29:55 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kerberos.dll
    [2009/08/12 02:29:54 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kerberos.dll
    [2009/08/12 02:29:54 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll
    [2009/08/12 02:29:53 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2009/08/12 02:29:53 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll
    [2009/08/12 02:29:53 | 00,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdigest.dll
    [2009/08/12 02:29:53 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdigest.dll
    [2009/08/12 02:29:52 | 00,515,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecdd.sys
    [2009/08/12 02:29:52 | 00,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll
    [2009/08/12 02:29:52 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schannel.dll
    [2009/08/12 02:29:52 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2009/08/12 02:29:52 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secur32.dll
    [2009/08/12 02:29:52 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsass.exe
    [2009/08/12 02:29:49 | 02,424,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2009/08/12 02:29:49 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2009/08/12 02:29:45 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\atl.dll
    [2009/08/12 02:29:45 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl.dll
    [2009/08/12 02:29:43 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wkssvc.dll
    [2009/08/12 02:29:41 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\avifil32.dll
    [2009/08/12 02:29:41 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciavi32.dll
    [2009/08/12 02:29:41 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
    [2009/08/12 02:29:41 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\avicap32.dll
    [2009/08/12 02:29:01 | 13,428,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
    [2009/08/12 02:28:57 | 10,626,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
    [2009/08/12 02:28:57 | 00,368,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpdxm.dll
    [2009/08/12 02:28:56 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpdxm.dll
    [2009/08/12 02:28:55 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
    [2009/08/12 02:28:55 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
    [2009/08/12 02:28:54 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
    [2009/08/12 02:28:54 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
    [2009/08/12 02:28:54 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
    [2009/08/12 02:28:54 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
    [2009/08/12 02:28:53 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
    [2009/08/12 02:28:53 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
    [2009/08/12 02:28:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.tlb
    [2009/08/12 02:28:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.tlb
    [2009/08/12 02:28:52 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\amcompat.tlb
    [2009/08/12 02:28:52 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\amcompat.tlb
    [2009/08/10 13:56:23 | 13,716,300 | ---- | C] () -- C:\Users\**********\Desktop\supercell - Kimi no Shiranai Monogatari.mp3
    [2009/08/02 23:04:31 | 02,896,501 | ---- | C] () -- C:\Users\**********\Desktop\Drunken Master Theme (mandarin) - Jackie Chan[MP3-Codes.com].mp3
    [2009/07/19 02:58:23 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/07/16 20:26:08 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/07/16 20:25:14 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/07/16 20:25:07 | 00,091,648 | ---- | C] () -- C:\Windows\SysWow64\IPHLPAPI.DLL
    [2009/06/10 06:31:04 | 00,089,088 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll
    [2009/04/08 23:00:32 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/01/10 20:56:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
    [2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

    ========== Files - Modified Within 30 Days ==========

    [2009/09/01 10:46:20 | 01,171,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2009/09/01 10:46:20 | 00,598,350 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2009/09/01 10:46:20 | 00,384,738 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
    [2009/09/01 10:46:20 | 00,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
    [2009/09/01 10:46:20 | 00,101,988 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2009/09/01 10:45:42 | 00,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DE18761-1FC5-48DF-80DD-DD5FD71A3E79}.job
    [2009/09/01 10:41:01 | 00,068,992 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2009/09/01 10:41:00 | 00,068,992 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2009/09/01 10:39:58 | 00,004,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/09/01 10:39:58 | 00,004,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/09/01 10:39:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/09/01 10:39:54 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/09/01 10:39:47 | 21,371,20767 | -HS- | M] () -- C:\hiberfil.sys
    [2009/09/01 02:52:31 | 00,001,460 | ---- | M] () -- C:\Users\**********\AppData\Local\d3d9caps64.dat
    [2009/09/01 02:38:29 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe
    [2009/08/31 20:52:02 | 00,165,376 | ---- | M] () -- C:\Users\**********\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/30 22:02:40 | 00,001,573 | ---- | M] () -- C:\Users\**********\Desktop\HijackThis.lnk
    [2009/08/30 20:02:41 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\**********\Desktop\HijackThisInstaller.exe
    [2009/08/30 19:53:23 | 00,000,709 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/08/30 19:52:39 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\**********\Desktop\mbam-setup.exe
    [2009/08/30 12:45:00 | 03,171,456 | ---- | M] (Uniblue Systems Ltd. ) -- C:\Users\**********\Desktop\DriverScanner.exe
    [2009/08/30 12:13:15 | 00,192,603 | ---- | M] () -- C:\Users\**********\Desktop\16286-utorrent.c9a6.dmp
    [2009/08/30 12:12:26 | 00,197,976 | ---- | M] () -- C:\Users\**********\Desktop\16286-utorrent.3823.dmp
    [2009/08/30 12:12:24 | 00,288,560 | ---- | M] (BitTorrent, Inc.) -- C:\Users\**********\Desktop\utorrent.exe
    [2009/08/30 02:13:36 | 02,513,432 | ---- | M] (Intel® Corporation) -- C:\Users\**********\Desktop\infinst_autol.exe
    [2009/08/27 11:31:13 | 00,001,875 | ---- | M] () -- C:\Users\Public\Desktop\Supreme Commander.lnk
    [2009/08/26 19:52:08 | 05,603,328 | ---- | M] (Gas Powered Games) -- C:\Users\**********\Desktop\supcom_fa_patch_1.5.3598_to_1.5.3599.exe
    [2009/08/26 19:51:38 | 05,615,616 | ---- | M] (Gas Powered Games) -- C:\Users\**********\Desktop\supcom_fa_patch_1.5.3596_to_1.5.3598.exe
    [2009/08/26 14:13:27 | 00,041,984 | ---- | M] () -- C:\Users\**********\Desktop\Resume_Xuan Liang, editted.doc
    [2009/08/25 15:25:48 | 00,380,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2009/08/19 19:34:40 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2009/08/18 01:19:08 | 01,199,104 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/08/17 12:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2009/08/17 12:06:05 | 00,089,680 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2009/08/17 12:05:43 | 00,022,096 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2009/08/17 12:05:31 | 00,065,616 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2009/08/17 12:04:43 | 00,058,448 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2009/08/17 12:04:32 | 00,027,216 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2009/08/17 12:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\AvastSS.scr
    [2009/08/15 16:23:16 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2009/08/10 23:04:26 | 13,716,300 | ---- | M] () -- C:\Users\**********\Desktop\supercell - Kimi no Shiranai Monogatari.mp3
    [2009/08/03 21:45:55 | 00,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2009/08/03 13:36:08 | 00,022,040 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2009/08/03 02:57:13 | 02,896,501 | ---- | M] () -- C:\Users\**********\Desktop\Drunken Master Theme (mandarin) - Jackie Chan[MP3-Codes.com].mp3

    ========== LOP Check ==========

    [2009/08/30 19:53:24 | 00,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming
    [2009/07/26 18:02:51 | 00,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Bioshock
    [2008/11/03 01:30:46 | 00,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\DAEMON Tools
    [2009/07/16 21:31:46 | 00,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\DAEMON Tools Lite
    [2008/11/03 01:30:46 | 00,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\DAEMON Tools Pro
    [2006/11/02 11:06:33 | 00,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Media Center Programs
    [2009/01/10 20:07:49 | 00,000,000 | RH-D | M] -- C:\Users\**********\AppData\Roaming\SecuROM
    [2009/08/30 12:57:27 | 00,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\uTorrent
    [2009/09/01 10:39:58 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
    [2009/09/01 02:39:12 | 00,018,806 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2009/09/01 10:45:42 | 00,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4DE18761-1FC5-48DF-80DD-DD5FD71A3E79}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %systemroot%\System32\antiwpa.dll >

    < %systemroot%\SYSTEM32\wpa.dll >

    < %systemroot%\setup\scripts\biestart.exe >

    < %systemroot%\system32\drivers\royal.sys >

    < %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

    < %TEMP%\antiwpa_crypt.dll >

    < %TEMP%\antiwpa.dll /s >

    < %PROGRAMFILES%\antiwpa.dll /s >

    < %systemroot%\system32\crypt.dll >

    < %TEMP%\crypt.dll >

    < %SYSTEMDRIVE%\*. >
    [2009/09/01 02:38:28 | 00,000,000 | R--D | M] -- C:
    [2009/01/10 12:17:58 | 00,000,000 | -HSD | M] -- C:\$Recycle.Bin
    [2009/07/16 20:45:31 | 00,000,000 | -HSD | M] -- C:\Boot
    [2006/11/02 11:41:02 | 00,000,000 | -HSD | M] -- C:\Documents and Settings
    [2009/08/30 12:43:08 | 00,000,000 | ---D | M] -- C:\Games
    [2009/01/10 12:35:48 | 00,000,000 | ---D | M] -- C:\Intel
    [2009/01/10 15:56:34 | 00,000,000 | RH-D | M] -- C:\MSOCache
    [2009/08/22 16:43:02 | 00,000,000 | ---D | M] -- C:\MyStuff
    [2009/07/16 21:41:32 | 00,000,000 | ---D | M] -- C:\NVIDIA
    [2009/01/10 21:12:57 | 00,000,000 | ---D | M] -- C:\PerfLogs
    [2009/07/16 15:26:53 | 00,000,000 | R--D | M] -- C:\Program Files
    [2009/08/30 11:16:04 | 00,000,000 | R--D | M] -- C:\Program Files (x86)
    [2009/08/30 19:53:20 | 00,000,000 | -H-D | M] -- C:\ProgramData
    [2009/01/10 12:40:14 | 00,000,000 | ---D | M] -- C:\RaidTool
    [2009/08/30 22:02:40 | 00,000,000 | ---D | M] -- C:\Security
    [2009/08/30 19:51:13 | 00,000,000 | -HSD | M] -- C:\System Volume Information
    [2009/08/27 11:31:19 | 00,000,000 | ---D | M] -- C:\temp
    [2009/01/10 12:15:38 | 00,000,000 | R--D | M] -- C:\Users
    [2009/09/01 02:40:33 | 00,000,000 | ---D | M] -- C:\Windows

    < %SYSTEMDRIVE%\*.* >
    [2009/04/11 02:36:36 | 00,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/01/10 15:05:16 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2008/04/11 10:07:18 | 00,003,820 | ---- | M] () -- C:\eula.1028.txt
    [2008/04/11 10:07:18 | 00,015,428 | ---- | M] () -- C:\eula.1031.txt
    [2008/04/11 10:07:18 | 00,010,058 | ---- | M] () -- C:\eula.1033.txt
    [2008/04/11 10:07:18 | 00,012,246 | ---- | M] () -- C:\eula.1036.txt
    [2008/04/11 10:07:18 | 00,013,912 | ---- | M] () -- C:\eula.1040.txt
    [2008/04/11 10:07:18 | 00,005,868 | ---- | M] () -- C:\eula.1041.txt
    [2008/04/11 10:07:18 | 00,005,970 | ---- | M] () -- C:\eula.1042.txt
    [2008/04/11 10:07:18 | 00,010,134 | ---- | M] () -- C:\eula.1049.txt
    [2008/04/11 10:07:18 | 00,003,814 | ---- | M] () -- C:\eula.2052.txt
    [2008/04/11 10:07:18 | 00,012,936 | ---- | M] () -- C:\eula.3082.txt
    [2008/04/11 10:07:18 | 00,001,110 | ---- | M] () -- C:\globdata.ini
    [2007/03/17 07:41:22 | 00,171,136 | RHS- | M] () -- C:\grldr
    [2009/09/01 10:39:47 | 21,371,20767 | -HS- | M] () -- C:\hiberfil.sys
    [2008/04/11 10:07:18 | 00,000,843 | ---- | M] () -- C:\install.ini
    [2008/04/11 08:03:48 | 00,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2008/04/11 08:03:48 | 00,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2008/04/11 08:03:48 | 00,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2008/04/11 08:03:48 | 00,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2008/04/11 08:03:48 | 00,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2008/04/11 08:03:48 | 00,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2008/04/11 08:03:48 | 00,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2008/04/11 10:09:24 | 00,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
    [2008/04/11 08:03:48 | 00,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2008/04/11 08:03:48 | 00,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/03/18 17:15:51 | 00,001,142 | ---- | M] () -- C:\NTDClient.log
    [2009/09/01 10:39:46 | 24,507,31007 | -HS- | M] () -- C:\pagefile.sys
    [2008/04/11 10:07:18 | 00,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2008/04/11 10:09:38 | 03,797,292 | ---- | M] () -- C:\VC_RED.cab
    [2008/04/11 10:11:40 | 00,233,472 | ---- | M] () -- C:\VC_RED.MSI

    < %PROGRAMFILES%\*. >
    [2009/08/30 11:16:04 | 00,000,000 | R--D | M] -- C:\Program Files (x86)
    [2009/08/30 11:43:56 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\ABC Amber Sony Converter
    [2009/03/25 19:32:09 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
    [2009/07/16 21:43:04 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
    [2009/01/10 22:30:44 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\CD Audio Reader Filter
    [2009/01/11 03:14:43 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\CDisplay
    [2009/03/06 21:53:18 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
    [2009/07/16 21:31:01 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2009/01/10 22:27:04 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\DirectVobSub
    [2009/07/16 16:16:39 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\DScaler5
    [2009/01/10 22:28:20 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\DSP-worx
    [2009/07/19 02:58:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\ffdshow
    [2009/01/10 22:28:31 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Haali
    [2009/08/27 11:19:09 | 00,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
    [2009/01/10 12:36:04 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
    [2009/08/25 15:23:27 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
    [2009/04/06 19:38:54 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Lavalys
    [2009/01/10 18:22:28 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
    [2009/01/10 16:03:43 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
    [2009/01/21 20:34:06 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Reader
    [2009/08/12 03:16:48 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
    [2009/01/10 16:03:34 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2009/01/10 16:00:48 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2009/07/16 19:38:13 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
    [2009/01/10 16:03:12 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
    [2009/01/10 22:30:53 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\MONOGRAM AMR SplitterDecoder
    [2009/08/25 15:34:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
    [2009/01/10 16:03:47 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
    [2009/04/06 19:45:37 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\MSI
    [2009/01/10 18:48:57 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
    [2008/11/03 01:18:42 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
    [2008/11/03 01:21:32 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\NeroInstall.bak
    [2009/06/18 13:31:22 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\NOS
    [2009/01/10 22:30:21 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\OpenSource Flash Video Splitter
    [2009/01/10 22:30:14 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\RealMedia
    [2009/01/10 12:41:26 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
    [2006/11/02 11:06:36 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
    [2009/04/06 20:02:42 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Setup Files
    [2009/01/10 22:28:35 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\SHOUTcast Source
    [2009/07/16 21:34:02 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab
    [2009/01/10 12:40:26 | 00,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
    [2006/11/02 11:33:57 | 00,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
    [2009/08/30 12:57:36 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
    [2009/03/26 20:51:48 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Veoh Networks
    [2009/03/18 17:17:06 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Verizon
    [2009/07/16 20:39:40 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar
    [2009/01/10 21:13:56 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration
    [2009/01/10 22:16:34 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
    [2009/08/12 03:15:07 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
    [2009/08/12 03:15:07 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
    [2006/11/02 11:06:36 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
    [2009/07/16 20:39:40 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery
    [2009/07/16 20:39:40 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
    [2009/06/11 22:34:10 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\WinMerge
    [2009/05/13 18:07:07 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Zoom Player
    < End of report >
  13. Shangrila Bronze Member

    Extras.txt:

    OTL Extras logfile created on: 9/1/2009 10:46:51 AM - Run 1
    OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\**********\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18813)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.51 Gb Total Space | 691.65 Gb Free Space | 74.25% Space Free | Partition Type: NTFS
    Drive D: | 3.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 149.05 Gb Total Space | 28.04 Gb Free Space | 18.81% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: XIAOLECHEN-PC
    Current User Name: **********
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 06 7C 59 C9 8A 73 C9 01 [binary data]
    "VistaSp2" = FC 1F 27 DC 77 06 CA 01 [binary data] -- (Microsoft Corporation)

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06BD6B43-3B8B-42CA-8B84-3511F0214D1B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{089F64DF-54C8-475E-B6DD-5D467181E8C5}" = rport=445 | protocol=6 | dir=out | app=system |
    "{115BCBC6-8C53-4A0A-B835-1F206A2E7A33}" = lport=138 | protocol=17 | dir=in | app=system |
    "{29BD614D-9371-431F-A0C7-FCC1237F100F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{553E6410-E7EC-434E-A618-1785FD90C38A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{95BE9F0F-12CF-4B70-8F78-990A78EDADEA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A0D09E92-EC42-407F-9C51-988AE25A675B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{A36B400E-2E27-4D53-809A-D314855C8927}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{AC0EDCF8-6550-4A33-A9BD-3E38CA477C04}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B39FFE24-DAB0-449C-B2D0-95C2CF0AFF03}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{B4FD2C2D-A7E9-4B92-BD2E-0F3934A49C4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C1B1311F-3720-4819-9BC4-4207A5A89386}" = lport=445 | protocol=6 | dir=in | app=system |
    "{CEB0E157-74CB-4244-B26E-B2AD617F91DF}" = rport=137 | protocol=17 | dir=out | app=system |
    "{DA7F45B8-7AAD-43FA-B591-B05F65185A62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E08DB495-5238-4505-8180-A9A018B4084D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E15AC9C7-8C93-48D8-A303-95624945FD51}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E73F1B30-7356-46D9-A288-3E9E8AEE663A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{EB9C0932-8332-4729-919D-4D875967193F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{F40E40EB-E206-4C16-B990-8E7C6B29A9C0}" = rport=138 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00488BA3-2F18-4D99-A710-02D53B3F7202}" = protocol=6 | dir=in | app=c:\games\sins of a solar empire\sins of a solar empire.exe |
    "{0694167C-765A-4276-B220-9EA2C99FBDF6}" = protocol=17 | dir=in | app=c:\games\farcry2\far cry 2\bin\fc2launcher.exe |
    "{10FE7AF1-C2A6-4FBC-AE42-3937AFA79363}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{112DF767-691B-41D6-861B-4229B3CA800E}" = protocol=17 | dir=in | app=c:\games\farcry2\far cry 2\bin\farcry2.exe |
    "{24D5A799-7474-4964-94E3-AFC5D9600A5B}" = protocol=17 | dir=in | app=c:\games\sins of a solar empire\sins of a solar empire.exe |
    "{2D2932C7-0B3E-4363-A498-6379D7D0C9CD}" = protocol=17 | dir=in | app=c:\games\supreme\gpgnet\gpg.multiplayer.client.exe |
    "{3BFA8086-DCE1-42BF-84AB-2AAEE889281D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{43EE0578-F117-4AF7-9721-BE4AAF21F80E}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{4C16D99D-5864-4874-8E67-05B849F60978}" = protocol=6 | dir=in | app=c:\games\civ4\civilization4.exe |
    "{50396E78-0DCF-4E97-8BE4-AFC35E27064A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{583C17E7-9BBA-4CC1-A67B-046BE7309503}" = protocol=17 | dir=in | app=c:\games\civ4\beyond the sword\civ4beyondsword_pitboss.exe |
    "{5CC614DC-CC82-44CF-BFEB-BE9B7608680D}" = protocol=17 | dir=in | app=c:\games\civ4\beyond the sword\civ4beyondsword.exe |
    "{5E1935BA-68AF-472C-BFE4-5FD7ED57BF47}" = protocol=6 | dir=in | app=c:\games\civ4\beyond the sword\civ4beyondsword.exe |
    "{67B01249-6847-4124-BDB3-552BFD30712F}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{87FAC9D0-4BB8-4A4F-8D07-839CBF72AE89}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{88D0F3C1-DD29-473F-B41D-F052CC39CF6A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{8A071A42-6BA4-4F55-997B-9137986AF335}" = protocol=6 | dir=in | app=c:\games\farcry2\far cry 2\bin\fc2editor.exe |
    "{902C1C59-120E-46B8-A6D0-D3BEA67C4967}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{9270F238-44FA-433C-AE30-CCE2596BB9D2}" = protocol=6 | dir=in | app=c:\games\farcry2\far cry 2\bin\farcry2.exe |
    "{9611FE5A-7858-4321-A115-2BFF4F03307C}" = protocol=17 | dir=in | app=c:\games\supreme\supreme commander\bin\supremecommander.exe |
    "{B17D5C31-1028-4B11-B08D-5D9A6456CF12}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{B42EC6B8-CDAC-4157-A669-6231ACEB4475}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{BE9A6469-F4E3-42D6-8F7D-34B877E2795E}" = protocol=6 | dir=in | app=c:\games\civ4\beyond the sword\civ4beyondsword_pitboss.exe |
    "{C5F7A88B-DB55-401D-9FD5-7B2F55F99719}" = protocol=17 | dir=in | app=c:\games\civ4\warlords\civ4warlords_pitboss.exe |
    "{C9FC5DA9-EF98-4C05-A9B0-814AB1596C8A}" = protocol=6 | dir=in | app=c:\games\civ4\warlords\civ4warlords.exe |
    "{CB7802E8-5F50-4034-B038-A5179F0CADF0}" = protocol=17 | dir=in | app=c:\games\civ4\civilization4.exe |
    "{D1B0B393-C9A9-42AD-949E-DB02DA8B2FB3}" = protocol=6 | dir=in | app=c:\games\farcry2\far cry 2\bin\fc2launcher.exe |
    "{D36E504D-EC91-4B27-AF1A-0DF013A3139B}" = protocol=17 | dir=in | app=c:\games\civ4\warlords\civ4warlords.exe |
    "{E13B914C-7CC9-4171-B0AF-B118E43013FD}" = protocol=6 | dir=in | app=c:\games\civ4\warlords\civ4warlords_pitboss.exe |
    "{E4338E7F-3FEC-4AE7-9509-6BCE9A49EC13}" = protocol=17 | dir=in | app=c:\games\farcry2\far cry 2\bin\fc2editor.exe |
    "{E529914E-9D08-4123-880B-E91C05D52FCD}" = protocol=6 | dir=in | app=c:\games\supreme\gpgnet\gpg.multiplayer.client.exe |
    "{E9C0B6A2-DBAB-41BD-9EA5-051426E276EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{EB536C05-CC78-4A5B-8034-0D809A053BE5}" = protocol=6 | dir=in | app=c:\games\supreme\supreme commander\bin\supremecommander.exe |
    "{F8450BD4-E2D4-4157-98C4-6F9E01A83FA4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{FF3F884B-CA32-40D5-9C62-95191A20C470}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "TCP Query User{7CCC9315-49C5-43B5-9034-8AAD84FA64C8}C:\users\**********\desktop\virtual\stubexe\@programfiles@\diskeeper corporation\diskeeper\dkservice.exe" = protocol=6 | dir=in | app=c:\users\**********\desktop\virtual\stubexe\@programfiles@\diskeeper corporation\diskeeper\dkservice.exe |
    "TCP Query User{8F2A7767-EE55-45DA-9C7F-0EE4E367ED89}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{ADC89B82-D51B-4E7D-A1D2-0E56EEA56A7E}C:\games\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\games\far cry 2\bin\farcry2.exe |
    "UDP Query User{25EB0414-2A8F-45CC-B46F-EC96CA5D69D5}C:\games\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\games\far cry 2\bin\farcry2.exe |
    "UDP Query User{3F4DEB09-8B74-45C0-811B-96870A47B099}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{A5B57E09-20B0-492D-B3FB-C5CDCCA4D775}C:\users\**********\desktop\virtual\stubexe\@programfiles@\diskeeper corporation\diskeeper\dkservice.exe" = protocol=17 | dir=in | app=c:\users\**********\desktop\virtual\stubexe\@programfiles@\diskeeper corporation\diskeeper\dkservice.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{23170F69-40C1-2702-0464-000001000000}" = 7-Zip 4.64 (x64 edition)
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NVIDIA Drivers" = NVIDIA Drivers
    "UltSounds" = Windows Sound Schemes
    "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
    "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
    "{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
    "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{8651784F-123E-4E8F-A5AD-60B8BE121033}" = Nero 8 Essentials
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
    "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
    "{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
    "ABC Amber Sony Converter" = ABC Amber Sony Converter
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast!" = avast! Antivirus
    "BAT Mod" = BAT Mod
    "Brass Restoration English_is1" = Brass Restoration English v1.0
    "CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
    "CDisplay_is1" = CDisplay 1.8
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DC-Bass Source" = DC-Bass Source 1.1.1
    "DirectVobSub" = DirectVobSub (remove only)
    "DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
    "Fate-stay night English" = Fate/stay night English v3.2
    "ffdshow_is1" = ffdshow [rev 3026] [2009-07-05]
    "HaaliMkx" = Haali Media Splitter
    "HijackThis" = HijackThis 2.0.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
    "Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
    "Quot Capita" = Quot Capita (remove only)
    "RealMedia" = RealMedia (remove only)
    "SHOUTcast Source" = SHOUTcast Source (remove only)
    "SystemRequirementsLab" = System Requirements Lab
    "Veoh Video Compass" = Veoh Video Compass
    "Veoh Web Player Beta" = Veoh Web Player
    "WinMerge_is1" = WinMerge 2.12.4
    "ZoomPlayer" = Zoom Player (remove only)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BUG Mod 3.6" = BUG Mod 3.6

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 3/30/2009 1:32:31 AM | Computer Name = **********-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\**********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XNV28LPE\Nodiatis300250Girl_FLASH6-2[1].swf
    failed, 00000005.

    Error - 5/2/2009 11:11:13 PM | Computer Name = **********-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\**********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CRPLMDO7\net2[1].htm
    failed, 00000005.

    Error - 5/2/2009 11:56:36 PM | Computer Name = **********-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\**********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZYNXGZ7\myprofilepimp_comCA6F059D.htm
    failed, 00000005.

    Error - 5/4/2009 3:53:38 PM | Computer Name = **********-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\**********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZYNXGZ7\main[1].swf
    failed, 00000005.

    Error - 6/7/2009 2:50:59 PM | Computer Name = **********-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\**********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJ21N728\Main[1].swf
    failed, 00000005.

    Error - 6/11/2009 2:13:44 PM | Computer Name = **********-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\**********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB3DYBG3\goodbye_728x90[1].swf
    failed, 00000005.

    Error - 6/15/2009 11:23:20 PM | Computer Name = **********-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\**********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MSE0ZC3\CON_100207_SYS_NOTEBOOK_INSP15_BA_LINES_06152009_INTEL_728x90[1].swf
    failed, 00000005.

    Error - 6/19/2009 9:07:22 PM | Computer Name = **********-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\**********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7VJ9E1C\Evangelion_Genocide_Extended[1].htm
    failed, 00000005.

    Error - 8/3/2009 5:34:25 PM | Computer Name = **********-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\**********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94ZMBPMQ\polarkreis-728x90-en-loop[1].swf
    failed, 00000005.

    Error - 8/12/2009 3:14:37 AM | Computer Name = **********-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\**********\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Z0J7GFD\freechat[1].htm
    failed, 00000005.

    [ Application Events ]
    Error - 9/1/2009 2:41:38 AM | Computer Name = **********-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
    Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

    Error - 9/1/2009 2:41:38 AM | Computer Name = **********-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
    Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

    Error - 9/1/2009 10:41:21 AM | Computer Name = **********-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
    PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

    Error - 9/1/2009 10:41:21 AM | Computer Name = **********-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
    PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

    Error - 9/1/2009 10:41:22 AM | Computer Name = **********-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
    PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

    Error - 9/1/2009 10:41:22 AM | Computer Name = **********-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
    PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

    Error - 9/1/2009 10:41:26 AM | Computer Name = **********-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
    Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

    Error - 9/1/2009 10:41:26 AM | Computer Name = **********-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
    Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

    Error - 9/1/2009 10:44:07 AM | Computer Name = **********-PC | Source = Application Error | ID = 1000
    Description = Faulting application wmplayer.exe, version 11.0.6002.18065, time stamp
    0x4a5dce03, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x4b021750, process id 0xcc, application start time
    0x01ca2b12a621b092.

    Error - 9/1/2009 10:45:36 AM | Computer Name = **********-PC | Source = Application Error | ID = 1000
    Description = Faulting application avast.setup, version 4.8.0.0, time stamp 0x4a89bd4f,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x4b021750, process id 0x178c, application start time 0x01ca2b12dda46c89.

    [ System Events ]
    Error - 4/6/2009 7:13:09 PM | Computer Name = **********-PC | Source = DCOM | ID = 10016
    Description =

    Error - 4/6/2009 7:13:09 PM | Computer Name = **********-PC | Source = DCOM | ID = 10016
    Description =

    Error - 4/6/2009 7:13:09 PM | Computer Name = **********-PC | Source = DCOM | ID = 10016
    Description =

    Error - 4/6/2009 7:13:09 PM | Computer Name = **********-PC | Source = DCOM | ID = 10016
    Description =

    Error - 4/6/2009 7:45:52 PM | Computer Name = **********-PC | Source = DCOM | ID = 10010
    Description =

    Error - 4/6/2009 7:52:44 PM | Computer Name = **********-PC | Source = HTTP | ID = 15016
    Description =

    Error - 4/6/2009 7:55:09 PM | Computer Name = **********-PC | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_FLASHSYS\0000 disappeared from the system without
    first being prepared for removal.

    Error - 4/6/2009 7:55:32 PM | Computer Name = **********-PC | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_FLASHSYS\0000 disappeared from the system without
    first being prepared for removal.

    Error - 4/6/2009 7:56:43 PM | Computer Name = **********-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 4/6/2009 7:56:43 PM | Computer Name = **********-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\PROGRA~2\MSI\LIVEUP~1\NTGLM7X.sys has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.


    < End of report >
  14. Pancake Security Team

    PCHF Staff
    I don't see any malware in that log, so it looks like your problem is elsewhere.

    Download Temporary File Cleaner to your desktop: http://oldtimer.geekstogo.com/TFC.exe
    Open the file and close any other windows.
    It will close all programs itself when run; make sure to let it run uninterrupted.
    Click the Start button to begin the process. The program should not take long to finish its job.
    Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
  15. Shangrila Bronze Member

    Attempting to run the program normally results in it crashing. I'm not certain what attempting to run it in safe mode with networking results in. It seemingly stalled with no progress, so I restarted and tried again in plain safe mode. However, I'm unsure whether it would have worked eventually in safe mode with networking since even in safe mode, I realized there were periods when it appeared stalled as well. It worked and rebooted my machine, but the problem persists. Incidentally, I rebooted into normal Vista. If the program is unable to function in normal Vista, does rebooting into that instead of into safe mode affect its ability to remove the files it said it needed to with a reboot?

    Further, trying to open IE or Firefox works in Safe Mode, but obviously gets nowhere since there is no connectivity; however, trying to do the same in Safe Mode with Networking causes a crash, same as in a normal startup.
  16. Shangrila Bronze Member

    Hi guys, here is an update to my situation so hopefully some techs can take a look at it and give me an idea as to how to fix it.

    Windows Media Player, IE, and Firefox all crash when started. The same occurs with Nero and every program with an automatic update function that I've tested. This refers to the automatic update functions on Avast Anti-virus, Malwarebytes, and Adobe Reader. The entire program shuts off when Malwarebytes crashes when attempting to update. Avast and Adobe Reader still function afterwards, only the updater crashes. For the Adobe update, when it crashes, Windows help pops up with a mention of Data Execution Prevention, but not any of the other crashes. However, Windows update does work.

    Further, the install program for .NET Framework 3.5 crashes, as do the install and uninstall programs for uTorrent which I was using as a test, though the uninstall did seem to work in that I no longer have uTorrent. Finally, both Malwarebytes and TFC crashed when attempting to remove files.

    Every program or updater that crashes in normal Vista 64 also does so in safe mode with networking with the exception of WMP which wouldn't start at all. The installer for .NET also does not work.

    IE works in safe mode without networking, but obviously with no connectivity. Firefox still crashes however, as do Nero and the updaters. However, Malwarebytes and TFC both work in plain safe mode, and MWB successfully removed the malware it detected while in safe mode. As it no longer finds any malware, I'm unable to test to see if it would also work in Safe Mode with networking. WMP still just wouldn't start. The installation program for .NET Framework 3.5 works, but attempting to repair fails because it cannot download anything.

    In normal Vista 64, IE 64 works fine, as does Zoomplayer. I apparently have two copies of WMP installed, one under program files, and one under program files (x86), which is the one all my shortcuts link to. The one installed under program files however works fine.

    To Ankur:

    I ran CCleaner's registry function as you asked, and it found a bunch of missing shared dlls in Windows\Microsoft.NET\framework\v1.0.3705\ and also gp.ocx under Windows\Downloaded Program Files\ (this is why I was trying to repair .NET). It also finds a missing startup software, wmpnscfg.exe, in the WMP directory under program files (x86). Clicking fix and then rebooting does not fix the problem, and I've restored the registry to what it was before the fix for now.

    The HijackThis log posted on page 1 lists many missing files, including a wmpnetwk.exe under the WMP directory under program files (x86). I checked the file, and indeed, wmpnetwk.exe and wmpnscfg.exe are missing in the x86 copy of WMP, but not missing in the program files copy. I also checked my running processes, and both programs from my program files WMP are running. Might this explain why one copy of WMP works while the other crashes?

    Further, might all those missing files help explain why my other programs are crashing? I honestly have no clue what's going on now. Previously, I had thought that everything works under plain safe mode, but not any other modes including safe mode with networking, so the problem can be isolated to just a few network drivers, but now that I know this is not the case, I'm clueless. Any help or ideas would be very welcome right now. I really hope that I don't have to reinstall Vista or worse, particularly since I don't have an up to date backup.
