Hi Delta, here are the logs you requested:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-04 06:50:16
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9250320AS rev.0303
Running: v041zz53.exe; Driver: C:\Users\Liam\AppData\Local\Temp\kwtdapoc.sys
---- System - GMER 1.0.15 ----
SSDT 86AC3788 ZwAlertResumeThread
SSDT 86AB7068 ZwAlertThread
SSDT 86AD4220 ZwAllocateVirtualMemory
SSDT 8695B8A8 ZwAlpcConnectPort
SSDT 86AD4910 ZwAssignProcessToJobObject
SSDT 86AE54B8 ZwCreateMutant
SSDT 86A40E50 ZwCreateSymbolicLinkObject
SSDT 86A71A40 ZwCreateThread
SSDT 86AD6EF0 ZwDebugActiveProcess
SSDT 86A16B68 ZwDuplicateObject
SSDT 86ADB2A0 ZwFreeVirtualMemory
SSDT 86ACAD20 ZwImpersonateAnonymousToken
SSDT 86ACA110 ZwImpersonateThread
SSDT 868EF2B8 ZwLoadDriver
SSDT 86ADDBE0 ZwMapViewOfSection
SSDT 86AC4078 ZwOpenEvent
SSDT \??\C:\Windows\system32\drivers\EagleXNt.sys ZwOpenProcess [0xC561BE90]
SSDT 86A7D698 ZwOpenProcessToken
SSDT 86ACE630 ZwOpenSection
SSDT 86AD9DF0 ZwOpenThread
SSDT 86AD9748 ZwProtectVirtualMemory
SSDT 86A6E5F8 ZwResumeThread
SSDT 86A6D6E0 ZwSetContextThread
SSDT 86ADE180 ZwSetInformationProcess
SSDT 86ACFF70 ZwSetSystemInformation
SSDT 86ACFAE8 ZwSuspendProcess
SSDT \??\C:\Windows\system32\drivers\EagleXNt.sys ZwSuspendThread [0xC561BFE0]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8E4E1620]
SSDT \??\C:\Windows\system32\drivers\EagleXNt.sys ZwTerminateThread [0xC561C230]
SSDT 86A71410 ZwUnmapViewOfSection
SSDT \??\C:\Windows\system32\drivers\EagleXNt.sys ZwWriteVirtualMemory [0xC561BD20]
SSDT 86AE5248 ZwCreateThreadEx
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ExfAcquirePushLockExclusive + 75E 8263C9CC 4 Bytes CALL 858E5AC9
.text ntkrnlpa.exe!KeSetTimerEx + 350 826BB974 8 Bytes [88, 37, AC, 86, 68, 70, AB, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 364 826BB988 4 Bytes [20, 42, AD, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 370 826BB994 4 Bytes [A8, B8, 95, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 826BB9E8 4 Bytes [10, 49, AD, 86]
.text ntkrnlpa.exe!KeSetTimerEx + 428 826BBA4C 4 Bytes [B8, 54, AE, 86]
.text ...
PAGE ntkrnlpa.exe!ZwReadVirtualMemory + 8 827DE1D1 4 Bytes CALL 855FF3C1
PAGE ntkrnlpa.exe!ZwWriteVirtualMemory + 8 8281103B 4 Bytes CALL 854631E9
PAGE ntkrnlpa.exe!NtOpenProcess + 29 82814F1B 4 Bytes CALL 80FE01B9
PAGE ntkrnlpa.exe!NtClose + 1C 82820CC1 4 Bytes CALL 84F8FE79
PAGE ntkrnlpa.exe!NtDeviceIoControlFile + 26 82839E39 4 Bytes CALL 858A0A31
PAGE ntkrnlpa.exe!ZwQueryPerformanceCounter + E2 8284F80F 4 Bytes CALL 850877A1
PAGE ntkrnlpa.exe!ZwQueryPerformanceCounter + BF7 82850324 4 Bytes CALL 855F0269
PAGE ntkrnlpa.exe!ZwGetContextThread + 2C 82855CAA 4 Bytes CALL 858A09B1
PAGE ntkrnlpa.exe!ZwGetContextThread + 5B 82855CD9 4 Bytes CALL 858A0991
PAGE ntkrnlpa.exe!ZwSuspendThread + EC 82855DD6 4 Bytes CALL 85841321
PAGE ntkrnlpa.exe!ZwSetContextThread + 2C 8289825F 4 Bytes CALL 858BFC09
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8D40D000, 0x1F875A, 0xE8000020]
? C:\Windows\system32\drivers\EagleXNt.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!LdrLoadDll 77A279B3 5 Bytes JMP 02220780 C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll (IEHelper/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtClose 77A57BB8 5 Bytes JMP 10047D70 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtCreateKey 77A57CB8 2 Bytes JMP 10047CF0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtCreateKey + 3 77A57CBB 2 Bytes [5F, 98] {POP EDI; CWDE }
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtDeleteKey 77A58068 5 Bytes JMP 10047D90 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtDeleteValueKey 77A58098 5 Bytes JMP 10047DB0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtMapViewOfSection 77A583C8 5 Bytes JMP 044C003A
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtOpenKey 77A58488 5 Bytes JMP 10047D20 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtQueryValueKey 77A58878 5 Bytes JMP 10047C90 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ntdll.dll!NtSetValueKey 77A58CF8 5 Bytes JMP 10047CC0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!SetWindowsHookExW 776D7B69 5 Bytes JMP 6EA89B01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!CallNextHookEx 776D8C33 5 Bytes JMP 6EA7D125 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxIndirectParamW 776DBD25 5 Bytes JMP 6EB85117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!CreateWindowExW 776E3D67 5 Bytes JMP 6EA8DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxParamW 776F1FD5 5 Bytes JMP 6E9B54BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!UnhookWindowsHookEx 777008BE 5 Bytes JMP 6E9F4664 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxParamA 777180B2 5 Bytes JMP 6EB850B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!DialogBoxIndirectParamA 777183DD 5 Bytes JMP 6EB8517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxIndirectA 7772D471 5 Bytes JMP 6EB85049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxIndirectW 7772D56B 5 Bytes JMP 6EB84FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxExA 7772D5D1 5 Bytes JMP 6EB84F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] USER32.dll!MessageBoxExW 7772D5F5 5 Bytes JMP 6EB84F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ole32.dll!OleLoadFromStream 76129794 5 Bytes JMP 6EB8547F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ole32.dll!CoRevokeInitializeSpy + 109 76146173 7 Bytes JMP 044C00F7
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ole32.dll!CoCreateInstance 7615E2D8 5 Bytes JMP 6EA8DBB8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2080] ole32.dll!CoCreateInstance + 3E 7615E316 7 Bytes JMP 044C01B1
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!LdrLoadDll 77A279B3 5 Bytes JMP 02430780 C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll (IEHelper/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtClose 77A57BB8 5 Bytes JMP 10047D70 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtCreateKey 77A57CB8 2 Bytes JMP 10047CF0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtCreateKey + 3 77A57CBB 2 Bytes [5F, 98] {POP EDI; CWDE }
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtDeleteKey 77A58068 5 Bytes JMP 10047D90 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtDeleteValueKey 77A58098 5 Bytes JMP 10047DB0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtOpenKey 77A58488 5 Bytes JMP 10047D20 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtQueryValueKey 77A58878 5 Bytes JMP 10047C90 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ntdll.dll!NtSetValueKey 77A58CF8 5 Bytes JMP 10047CC0 C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!DialogBoxIndirectParamW 776DBD25 5 Bytes JMP 6EB85117 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!CreateWindowExW 776E3D67 5 Bytes JMP 6EA8DB5C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!DialogBoxParamW 776F1FD5 5 Bytes JMP 6E9B54BD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!DialogBoxParamA 777180B2 5 Bytes JMP 6EB850B4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!DialogBoxIndirectParamA 777183DD 5 Bytes JMP 6EB8517A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!MessageBoxIndirectA 7772D471 5 Bytes JMP 6EB85049 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!MessageBoxIndirectW 7772D56B 5 Bytes JMP 6EB84FDE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!MessageBoxExA 7772D5D1 5 Bytes JMP 6EB84F7C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] USER32.dll!MessageBoxExW 7772D5F5 5 Bytes JMP 6EB84F1A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4208] ole32.dll!CoCreateInstance 7615E2D8 5 Bytes JMP 02432C50 C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll (IEHelper/Discordia, LTD)
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!CreateProcessW 77081C01 5 Bytes JMP 65FBBF00 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!CreateProcessA 77081C36 5 Bytes JMP 65FBBD40 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!LoadLibraryExW 770A30C3 7 Bytes JMP 65FBC230 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!LoadLibraryW 770A361F 5 Bytes JMP 65FBC120 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!LoadLibraryExA 770A9469 5 Bytes JMP 65FBC1A0 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!LoadLibraryA 770A9491 5 Bytes JMP 65FBC0A0 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!GetEnvironmentVariableA 770ACD38 5 Bytes JMP 65FBC550 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] kernel32.dll!GetProcAddress 770CB8B6 5 Bytes JMP 65FBC2D0 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] ADVAPI32.dll!RegOpenKeyExW 7763F09D 5 Bytes JMP 65FBC380 c:\program files\cracked steam\SmartSteam.dll
.text c:\program files\cracked steam\steam.exe[4600] ole32.dll!StringFromGUID2 7615E6EE 5 Bytes JMP 65FBC460 c:\program files\cracked steam\SmartSteam.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
Device \Driver\kbdclass \Device\KeyboardClass0 A30DA1A8
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes
---- EOF - GMER 1.0.15 ----
Here is the OTL:
OTL logfile created on: 3/06/2011 4:33:04 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Liam\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.78% Memory free
4.23 Gb Paging File | 3.09 Gb Available in Paging File | 72.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 16.08 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 85.18 Gb Free Space | 81.34% Space Free | Partition Type: NTFS
Drive I: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 930.86 Gb Total Space | 572.90 Gb Free Space | 61.54% Space Free | Partition Type: NTFS
Computer Name: LIAM-PC | User Name: Liam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Liam\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
PRC - c:\Program Files\Cracked Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\Liam\Documents\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Norton Internet Security) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
========== Driver Services (SafeList) ==========
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110602.019\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110602.019\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110602.001\IDSvix86.sys (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (msloop) -- C:\Windows\System32\drivers\loop.sys (Microsoft Corporation)
DRV - (RTL8187) -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 6E 4D FD 7E EF CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http:5555
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = ninemsn.com.au
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/01/18 16:26:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
[2011/04/01 18:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\extensions
[2011/04/01 18:18:29 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Cracked Steam Service] C:\Program Files\Cracked Steam\Cracked Steam.exe (Anti-Valve Software )
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://nxcache.nexon.net/mabinogi/rende ... 0.5.03.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Liam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Liam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/29 06:00:27 | 000,000,088 | ---- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1492de04-d42f-11df-9741-00248c8208aa}\Shell - "" = AutoRun
O33 - MountPoints2\{1492de04-d42f-11df-9741-00248c8208aa}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- [2010/01/22 10:13:40 | 003,330,848 | ---- | M] (Western Digital)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/03 16:04:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Liam\Documents\OTL.exe
[2011/05/31 19:54:06 | 000,606,738 | R--- | C] (Swearware) -- C:\Users\Liam\Documents\dds.com
[2011/05/31 16:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/05/31 16:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/05/31 16:31:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/30 20:12:47 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\SUPERAntiSpyware.com
[2011/05/30 20:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/30 20:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/05/30 20:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/30 19:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/30 19:33:28 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/30 16:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2011/05/30 16:38:44 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\PackageAware
[2011/05/29 17:26:27 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Cross Fire
[2011/05/29 17:26:15 | 000,000,000 | ---D | C] -- C:\CFLog
[2011/05/26 20:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert AVI to MP4
[2011/05/26 20:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Convert AVI to MP4
[2011/05/26 14:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cracked Steam
[2011/05/26 14:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/05/26 14:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\Cracked Steam
[2011/05/26 13:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/05/23 20:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft XNA Game Studio 4.0
[2011/05/23 19:57:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/05/23 19:57:47 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/05/23 19:57:40 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/05/23 19:57:40 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/05/23 19:57:12 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/05/23 19:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/05/23 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011/05/23 19:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/05/23 19:41:01 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Visual Studio 2010
[2011/05/23 19:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011/05/23 19:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011/05/23 19:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011/05/23 19:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/05/23 19:10:09 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2011/05/23 19:09:35 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/05/23 19:09:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011/05/23 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2011/05/21 21:46:33 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Local\PunkBuster
[2011/05/21 21:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011/05/21 20:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011/05/18 18:13:24 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Kingdom Hearts Piano Collections Field & Battle
[2011/05/15 18:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/05/15 18:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/05/15 18:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/05/15 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/05/13 20:07:28 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Shark Picture
[2011/05/08 19:37:25 | 000,000,000 | ---D | C] -- C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/05/08 15:57:11 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\Quick Music
[2011/05/08 15:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2011/05/08 15:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011/05/08 09:30:57 | 000,000,000 | ---D | C] -- C:\Users\Liam\Documents\My Games
[2011/05/07 21:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halo Combat Evolved
[2011/05/06 17:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2008/06/03 16:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2008/05/22 09:38:59 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Users\Liam\Documents\*.tmp files -> C:\Users\Liam\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/03 16:26:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/03 16:26:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 16:26:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/03 16:26:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/03 16:26:02 | 2146,721,792 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/03 16:04:54 | 000,302,592 | ---- | M] () -- C:\Users\Liam\Documents\v041zz53.exe
[2011/06/03 16:04:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Liam\Documents\OTL.exe
[2011/06/03 08:19:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/02 20:27:32 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2D4ECED4-F694-4FEB-A786-9B14DD895488}.job
[2011/06/01 20:41:59 | 000,138,240 | ---- | M] () -- C:\Users\Liam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/31 19:54:16 | 000,606,738 | R--- | M] (Swearware) -- C:\Users\Liam\Documents\dds.com
[2011/05/31 19:52:52 | 000,002,521 | ---- | M] () -- C:\Users\Liam\Desktop\HiJackThis.lnk
[2011/05/30 20:12:38 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/28 15:16:43 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/27 17:34:40 | 000,000,700 | ---- | M] () -- C:\Users\Liam\Desktop\Fraps.lnk
[2011/05/26 14:35:59 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\Cracked Steam.lnk
[2011/05/24 20:18:38 | 000,627,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/24 20:18:38 | 000,116,318 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/24 15:53:48 | 000,391,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/23 16:45:11 | 000,000,759 | ---- | M] () -- C:\Users\Liam\Desktop\Audacity.lnk
[2011/05/22 18:55:11 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Liam.job
[2011/05/21 21:47:01 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/21 21:32:50 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2011/05/21 21:32:50 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2011/05/21 21:07:06 | 000,022,328 | ---- | M] () -- C:\Users\Liam\AppData\Roaming\PnkBstrK.sys
[2011/05/21 21:06:17 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2011/05/21 15:03:36 | 000,001,940 | ---- | M] () -- C:\Users\Liam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/20 07:36:38 | 005,144,978 | ---- | M] () -- C:\Users\Liam\Documents\Goofy goober rock!.mp3
[2011/05/20 07:33:08 | 003,368,162 | ---- | M] () -- C:\Users\Liam\Documents\Goofy goober rock!.flv
[2011/05/18 18:53:19 | 113,055,541 | ---- | M] () -- C:\Users\Liam\Documents\KH Piano Collections - Sheet Music.zip
[2011/05/18 17:56:19 | 091,564,854 | ---- | M] () -- C:\Users\Liam\Documents\kingdom hearts piano collections field & battle.rar
[2011/05/15 18:43:01 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/05/09 19:59:50 | 000,086,991 | ---- | M] () -- C:\Users\Liam\Documents\Dearly-Beloved.pdf
[2011/05/09 19:55:03 | 000,128,887 | ---- | M] () -- C:\Users\Liam\Documents\Reviving-Hollow-Bastion.pdf
[2011/05/08 15:35:32 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/05/07 21:43:28 | 000,000,617 | ---- | M] () -- C:\Users\Public\Desktop\Halo .lnk
[1 C:\Users\Liam\Documents\*.tmp files -> C:\Users\Liam\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/03 16:04:36 | 000,302,592 | ---- | C] () -- C:\Users\Liam\Documents\v041zz53.exe
[2011/05/30 20:12:38 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/30 19:33:28 | 000,002,521 | ---- | C] () -- C:\Users\Liam\Desktop\HiJackThis.lnk
[2011/05/26 14:29:48 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\Cracked Steam.lnk
[2011/05/23 16:45:11 | 000,000,771 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011/05/23 16:45:11 | 000,000,759 | ---- | C] () -- C:\Users\Liam\Desktop\Audacity.lnk
[2011/05/21 21:32:50 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Singleplayer.lnk
[2011/05/21 21:32:50 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) Multiplayer.lnk
[2011/05/21 21:06:17 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2011/05/20 07:33:18 | 005,144,978 | ---- | C] () -- C:\Users\Liam\Documents\Goofy goober rock!.mp3
[2011/05/20 07:33:08 | 003,368,162 | ---- | C] () -- C:\Users\Liam\Documents\Goofy goober rock!.flv
[2011/05/19 16:09:16 | 000,001,940 | ---- | C] () -- C:\Users\Liam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 18:53:17 | 113,055,541 | ---- | C] () -- C:\Users\Liam\Documents\KH Piano Collections - Sheet Music.zip
[2011/05/18 17:56:18 | 091,564,854 | ---- | C] () -- C:\Users\Liam\Documents\kingdom hearts piano collections field & battle.rar
[2011/05/15 18:43:01 | 000,000,811 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/05/09 19:59:49 | 000,086,991 | ---- | C] () -- C:\Users\Liam\Documents\Dearly-Beloved.pdf
[2011/05/09 19:55:02 | 000,128,887 | ---- | C] () -- C:\Users\Liam\Documents\Reviving-Hollow-Bastion.pdf
[2011/05/08 19:37:26 | 000,000,700 | ---- | C] () -- C:\Users\Liam\Desktop\Fraps.lnk
[2011/05/08 15:35:32 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/05/07 21:43:28 | 000,000,617 | ---- | C] () -- C:\Users\Public\Desktop\Halo .lnk
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/03 15:49:09 | 000,000,276 | ---- | C] () -- C:\Windows\System32\ms-securea.ini
[2011/01/18 17:27:02 | 000,000,006 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\start_pal
[2010/12/25 11:59:35 | 000,006,123 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\NMM-MetaData.db
[2010/05/09 11:16:06 | 000,000,552 | ---- | C] () -- C:\Users\Liam\AppData\Local\d3d8caps.dat
[2010/04/25 14:12:25 | 000,010,064 | -HS- | C] () -- C:\Users\Liam\AppData\Local\b5bq8uC1G1B
[2010/04/25 14:12:25 | 000,010,064 | -HS- | C] () -- C:\ProgramData\b5bq8uC1G1B
[2010/04/24 16:30:03 | 000,011,014 | -HS- | C] () -- C:\Users\Liam\AppData\Local\1171927190
[2010/04/24 16:30:03 | 000,011,014 | -HS- | C] () -- C:\ProgramData\1171927190
[2010/04/24 16:07:35 | 000,002,604 | -HS- | C] () -- C:\Users\Liam\AppData\Local\O5poq8wPv8FxG
[2010/04/24 16:07:35 | 000,002,604 | -HS- | C] () -- C:\ProgramData\O5poq8wPv8FxG
[2010/03/27 05:04:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/03/18 16:39:29 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/03/18 16:39:28 | 000,022,328 | ---- | C] () -- C:\Users\Liam\AppData\Roaming\PnkBstrK.sys
[2010/03/18 16:39:14 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/03/18 16:39:12 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/03/18 16:39:11 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/02/12 16:54:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/12 09:32:23 | 000,001,356 | ---- | C] () -- C:\Users\Liam\AppData\Local\d3d9caps.dat
[2010/01/05 13:13:03 | 000,138,240 | ---- | C] () -- C:\Users\Liam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/04 15:00:34 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/04/04 15:00:24 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/04/04 14:29:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/04 14:03:00 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/04 14:03:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/02 12:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/05/23 02:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008/05/22 09:40:59 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/05/22 09:38:59 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008/05/22 09:38:59 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/04/23 16:02:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008/03/10 00:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/03/09 23:32:51 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/03/04 21:01:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/02/28 12:14:03 | 000,168,886 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/08/07 03:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2006/11/02 22:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:47:37 | 000,391,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:33:01 | 000,627,494 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,116,318 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 11:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/12/07 11:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
========== Files - Unicode (All) ==========
[2009/04/04 14:05:32 | 000,000,899 | ---- | C] ()(C:\Users\Liam\Desktop\????????.lnk) -- C:\Users\Liam\Desktop\華碩獨家軟體介紹.lnk
[2009/01/23 16:13:21 | 000,000,899 | ---- | M] ()(C:\Users\Liam\Desktop\????????.lnk) -- C:\Users\Liam\Desktop\華碩獨家軟體介紹.lnk
========== Alternate Data Streams ==========
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A2947BEA
< End of report >
and the Extra,
OTL Extras logfile created on: 3/06/2011 4:33:04 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Liam\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.78% Memory free
4.23 Gb Paging File | 3.09 Gb Available in Paging File | 72.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 16.08 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
Drive D: | 104.73 Gb Total Space | 85.18 Gb Free Space | 81.34% Space Free | Partition Type: NTFS
Drive I: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 930.86 Gb Total Space | 572.90 Gb Free Space | 61.54% Space Free | Partition Type: NTFS
Computer Name: LIAM-PC | User Name: Liam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{132A3949-0FC1-4B27-A758-C1F87958E6A6}" = lport=49185 | protocol=6 | dir=in | name=akamai netsession interface |
"{14A8193A-15E2-44AC-B64B-19B600486849}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{63CD866D-5B9F-4B3E-92EB-3D4C7C2EA2A5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{69F0E68B-66B1-493C-B80B-AD9FDF472CA7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{93ACDB43-EE15-46F6-BB61-83360F69E941}" = lport=49612 | protocol=6 | dir=in | name=akamai netsession interface |
"{ABF91C54-B926-4D38-95C4-B4FD7D642634}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E74C2E42-AA7C-4169-BD84-D2CFEE183F8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F0276580-6CDA-4EE1-846F-6E4B186B5F04}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E70EF1-2B15-466F-B2A1-FE91220F5A52}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{080B5B40-8861-4065-961C-A99641BDC19D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{092C5E8B-F31E-49D3-9C61-6741470BED5B}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{09B12AC3-B093-4B04-A8BC-891F91F7B9FD}" = protocol=6 | dir=in | app=c:\nexon\combat arms\combatarms.exe |
"{0FABE5CA-BD73-4559-A1B6-EE82880ED43D}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{1C9CAC86-6C5A-4209-960D-472F3B0303B1}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1D97BE90-C214-4B4A-97BE-33CCF0149D45}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2118EFC2-2579-4833-AA9A-F81FB0F1560C}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{2311AC31-524E-434A-ACE0-22C5DAB36E81}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{27BC2017-1AAF-49CB-9BD1-6106686B94F4}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{2E3D2BF7-9DCC-463E-BDD5-C6EA1E31FD7E}" = dir=in | app=c:\program files\common files\microsoft shared\xna\xnatrans\v3.0\xnatransx.exe |
"{2F30994B-ADB9-4B97-9380-1CFAE1E5605A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3B028F37-D8EC-472B-A35C-4F6F2CB69DE2}" = protocol=17 | dir=in | app=c:\program files\cracked steam\steam.exe |
"{3B4A30D8-F1F1-4020-B6F0-8091224D25B5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{422EBC5D-B06B-407C-B24E-831278132594}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{4D17D53D-20C9-40ED-92E3-3627EE9CEC88}" = protocol=6 | dir=in | app=c:\program files\cracked steam\steam.exe |
"{4F066E71-903A-469F-BC17-04B0EF8F22EB}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{50659084-20F5-487F-B724-9696EC5FFFE3}" = protocol=6 | dir=in | app=c:\users\liam\appdata\local\temp\~os39d0.tmp\rlvknlg.exe |
"{535CB1FE-1C4D-40E7-BA0D-8F234FF9E535}" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"{54332BAA-B017-42F7-926C-8108507AF87B}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{54F2AB38-109D-496A-9406-A5516F6A54BB}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5E18FAD0-29D7-4C3E-8C8E-A28ED6123FE6}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{5E8665B2-91FE-4912-83C6-796E4CD7AEA4}" = protocol=6 | dir=in | app=c:\users\liam\appdata\local\temp\~osb5a9.tmp\rlvknlg.exe |
"{65545FF7-8898-48BE-A78D-97980B63A331}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v4.0\bin\xnaliveproxy.exe |
"{7BA4D0E4-0C2B-4A94-9BB2-CF428FC9FA24}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8168CDF0-F6D3-4182-8659-CB0C3F41A88E}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{82EBAECD-3183-4D72-95A3-F5C8521B7A6D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{92577F1D-83CE-4320-A743-391E79FBD71B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{93F5D84B-3CDE-46E1-86C1-4D07661311D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{94732CA9-22FE-47E2-AF63-86E479DFC58D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9F632EC6-7ECA-4319-B500-BBBD0253C9BE}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A1FAA0BC-ABB3-493D-97F9-886A7894AC62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A4AD047D-EFD7-4231-86A9-75BEF882F6EF}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{AE25DEB5-283D-45D7-A1FB-06E5D4030C6A}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{B8C249C3-A7E5-4784-8D3F-9A0321237FC5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B9469EE3-B931-4058-A7FE-EC50512EC03B}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{CC2D3F1B-691E-4273-AB5F-7F4012EC2D49}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D0483B01-4823-4677-A257-72594A966521}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{D087A2BD-36A6-4BB4-8764-6D266DAB079A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D128F010-2418-4808-AD35-ED15181EDA45}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{D8A0D670-76EC-48C8-ABFF-678FC02DBCDA}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{DDD6BFF2-853D-4FDE-96E0-48370AEC3F43}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E0EDC131-F4D0-433B-8353-0BC7AB593EF9}" = protocol=17 | dir=in | app=c:\nexon\combat arms\combatarms.exe |
"{E92531BF-50A2-41AB-AE33-C87CFA854C6C}" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"{E9F39D04-5572-4043-ADC1-7A227FF4D64F}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{EC712AAB-112C-4B57-B574-CCFB05351D3F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EEE8712B-E714-4716-AAB6-5092EE448385}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{FBD7A14A-A9EA-4B2F-BFDC-334326312F11}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{FCC1CB33-E6B2-43E3-AD48-4D1F64D06429}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FCD99FE1-B993-4793-9DAB-4006D682201E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai
"{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French
"{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch
"{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech
"{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager
"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian
"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai
"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0C04-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0C04-0000-0000000FF1CE}_PROHYBRIDR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C04-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0C04-0000-0000000FF1CE}_PROHYBRIDR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C04-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0C04-0000-0000000FF1CE}_PROHYBRIDR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0C04-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0C04-0000-0000000FF1CE}_PROHYBRIDR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0C04-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0C04-0000-0000000FF1CE}_PROHYBRIDR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{E600B433-47CB-4AFC-90BF-2958E8E7EF99}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C04-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0C04-0000-0000000FF1CE}_PROHYBRIDR_{45EDF005-5D73-4D75-9BD7-3FC67DB6FD0D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{33FA7680-10ED-444E-BC72-214064317283}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{5E6C6E79-40BE-491B-9ABF-C665667E1B07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0C04-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{3F96DD0A-F509-4CBD-8130-B3B3194A9C3D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C04-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0C04-0000-0000000FF1CE}_PROHYBRIDR_{364CCAC1-F404-461B-8025-8586FC7CA772}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4
"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish
"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish
"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese
"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB000D9F-3BBA-4361-A550-7DCCED1409AC}" = MapleStory
"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista
"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish
"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard
"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light
"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"6F64DF2E-3B8E-41DB-89E4-75BD3F370CDE_is1" = Cracked Steam
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Atlantica" = Atlantica
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"CamStudio" = CamStudio
"Combat Arms" = Combat Arms
"conduitEngine" = Conduit Engine
"Cross Fire_is1" = Cross Fire En
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Halo Combat Evolved" = Halo Combat Evolved
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"N360" = Norton 360
"Nokia PC Suite" = Nokia PC Suite
"NSS" = Norton Security Scan
"Picasa2" = Picasa 2
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinX Free VOB to MP4 Converter_is1" = WinX Free VOB to MP4 Converter 2.0.5
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Thank you heaps for the help.