OTL logfile created on: 9/15/2009 1:05:25 AM - Run 1
OTL by OldTimer - Version 3.0.11.0 Folder = C:\Users\wynaut\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
986.35 Mb Total Physical Memory | 136.69 Mb Available Physical Memory | 13.86% Memory free
2.17 Gb Paging File | 0.59 Gb Available in Paging File | 27.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 15.72 Gb Free Space | 39.31% Space Free | Partition Type: NTFS
Drive D: | 80.00 Gb Total Space | 50.27 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive E: | 29.05 Gb Total Space | 9.62 Gb Free Space | 33.12% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WYNAUT-PC
Current User Name: wynaut
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe (IDT, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
PRC - C:\Windows\vmsnap3.exe (Vimicro)
PRC - C:\Windows\Domino.exe ()
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Services\netservices.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Flock\flock.exe (Flock, Inc.)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft)
PRC - C:\Users\wynaut\Downloads\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AESTFilters [Auto | Running]) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe (Andrea Electronics Corporation)
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Com4QLBEx [On_Demand | Running]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FlexService [Auto | Stopped]) -- File not found
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (hpqwmiex [On_Demand | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MsDtsServer [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation)
SRV - (msftesql [Auto | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLSERVER [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (MSSQLServerOLAPService [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe (Microsoft Corporation)
SRV - (msvsmon80 [Disabled | Stopped]) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (msvsmon90 [Disabled | Stopped]) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (MySQL [Disabled | Stopped]) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
SRV - (NetService [Auto | Running]) -- C:\Program Files\Common Files\Services\netservices.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLSERVERAGENT [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE (Microsoft Corporation)
SRV - (SQLWriter [On_Demand | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (STacSV [Auto | Running]) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe (IDT, Inc.)
SRV - (wampapache [On_Demand | Stopped]) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)
SRV - (wampmysqld [On_Demand | Stopped]) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (btwaudio [On_Demand | Running]) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt [On_Demand | Running]) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (hamachi [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcHdmiAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (JMCR [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\jmcr.sys (JMicron Technology Corporation)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (OemBiosDevice [Boot | Stopped]) -- C:\Windows\System32\drivers\royal.sys (PARADOX)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\stwrt.sys (IDT, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (VSPerfDrv90 [On_Demand | Stopped]) -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys (Microsoft Corporation)
DRV - (vvftav303 [On_Demand | Stopped]) -- C:\Windows\System32\drivers\vvftav303.sys (Vimicro Corporation)
DRV - (ZSMC0303 [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbVM303.sys (Vimicro Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/def ... earch.html
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\S-1-5-21-2234774825-618922396-1169140598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\S-1-5-21-2234774825-618922396-1169140598-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Flock 2.5\extensions\\Components: C:\Program Files\Flock\components [2009/09/02 23:14:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/09/02 23:14:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Components: C:\Program Files\Flock\components [2009/09/02 23:14:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.2\extensions\\Plugins: C:\Program Files\Flock\plugins [2009/09/02 23:14:09 | 00,000,000 | ---D | M]
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKLM..\Run: [VMSnap3] C:\Windows\VMSnap3.exe (Vimicro)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-2234774825-618922396-1169140598-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2234774825-618922396-1169140598-1000\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 58.69.254.4 58.69.254.70 58.69.254.135
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{180fb092-75c0-11de-86ba-001eecb19686}\Shell\AutoPlay\Command - "" = console.exe
O33 - MountPoints2\{180fb092-75c0-11de-86ba-001eecb19686}\Shell\Explore\Command - "" = console.exe
O33 - MountPoints2\{180fb092-75c0-11de-86ba-001eecb19686}\Shell\Open\Command - "" = console.exe
O33 - MountPoints2\{180fb092-75c0-11de-86ba-001eecb19686}\Shell\Scan For Viruses\Command - "" = console.exe
O33 - MountPoints2\{e755dab3-9647-11de-869c-001eecb19686}\Shell - "" = AutoRun
O33 - MountPoints2\{e755dab3-9647-11de-869c-001eecb19686}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/09/13 20:25:11 | 00,000,000 | ---D | C] -- C:\Users\wynaut\Documents\Thesis Docs
[2009/09/12 11:44:43 | 00,000,000 | ---D | C] -- C:\Users\wynaut\AppData\Local\Yahoo!
[2009/09/08 19:12:17 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2009/09/08 19:10:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/08/30 10:30:57 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/08/30 10:30:11 | 00,000,618 | ---- | C] () -- C:\Users\wynaut\Desktop\SpywareBlaster.lnk
[2009/08/30 00:54:58 | 00,000,743 | ---- | C] () -- C:\Users\wynaut\Desktop\HijackThis.lnk
[2009/08/26 19:35:19 | 05,307,539 | ---- | C] () -- C:\Users\wynaut\Documents\CS261 Files.rar
[2009/08/26 13:43:16 | 00,000,000 | ---D | C] -- C:\Users\wynaut\Documents\CS261 Files
[2009/08/24 16:01:24 | 39,825,920 | ---- | C] () -- C:\Users\wynaut\Documents\THEO 110 journal.doc
[2009/08/24 10:00:18 | 00,034,304 | ---- | C] () -- C:\Users\wynaut\Documents\Progress Report August 24, 09.doc
[2009/08/18 23:56:52 | 00,000,000 | ---D | C] -- C:\Users\wynaut\AppData\Roaming\vlc
[2009/08/18 23:54:00 | 00,000,582 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/08/17 22:30:41 | 00,028,672 | ---- | C] () -- C:\Users\wynaut\Documents\Pagtataya.doc
[2009/08/16 11:39:04 | 00,000,600 | ---- | C] () -- C:\Users\wynaut\Desktop\Total Video Player.lnk
[2009/08/16 11:39:04 | 00,000,600 | ---- | C] () -- C:\Users\wynaut\Desktop\Total Video Converter.lnk
[2009/05/31 00:13:13 | 00,000,283 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/18 13:33:32 | 00,225,280 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009/04/18 13:33:27 | 00,421,888 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2009/04/18 13:33:27 | 00,157,696 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/04/18 13:33:27 | 00,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/18 13:33:26 | 00,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/18 13:33:26 | 00,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2008/06/12 18:59:22 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/06/04 17:54:12 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 20:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 18:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 15:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== Files - Modified Within 30 Days ==========
[2009/09/15 00:31:46 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/15 00:31:46 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/14 20:34:16 | 00,931,994 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/14 20:34:16 | 00,771,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/14 20:34:16 | 00,160,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/14 20:31:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/14 13:27:52 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/14 12:01:22 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/09/14 12:00:40 | 02,970,895 | -H-- | M] () -- C:\Users\wynaut\AppData\Local\IconCache.db
[2009/09/09 12:59:34 | 00,064,000 | ---- | M] () -- C:\Users\wynaut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/02 23:14:22 | 00,001,614 | ---- | M] () -- C:\Users\Public\Desktop\Flock.lnk
[2009/09/02 10:55:59 | 00,000,283 | ---- | M] () -- C:\Windows\ODBC.INI
[2009/08/30 10:30:11 | 00,000,618 | ---- | M] () -- C:\Users\wynaut\Desktop\SpywareBlaster.lnk
[2009/08/30 00:54:58 | 00,000,743 | ---- | M] () -- C:\Users\wynaut\Desktop\HijackThis.lnk
[2009/08/26 21:34:44 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/08/26 19:35:26 | 05,307,539 | ---- | M] () -- C:\Users\wynaut\Documents\CS261 Files.rar
[2009/08/24 19:07:44 | 39,825,920 | ---- | M] () -- C:\Users\wynaut\Documents\THEO 110 journal.doc
[2009/08/24 10:00:20 | 00,034,304 | ---- | M] () -- C:\Users\wynaut\Documents\Progress Report August 24, 09.doc
[2009/08/24 08:38:46 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/08/18 23:54:00 | 00,000,582 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009/08/18 00:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/08/18 00:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/08/18 00:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/08/18 00:05:24 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/08/18 00:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/08/18 00:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/08/18 00:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/08/17 22:30:43 | 00,028,672 | ---- | M] () -- C:\Users\wynaut\Documents\Pagtataya.doc
[2009/08/16 14:19:49 | 01,722,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/16 12:35:58 | 00,102,512 | ---- | M] () -- C:\Users\wynaut\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/16 11:39:04 | 00,000,600 | ---- | M] () -- C:\Users\wynaut\Desktop\Total Video Player.lnk
[2009/08/16 11:39:04 | 00,000,600 | ---- | M] () -- C:\Users\wynaut\Desktop\Total Video Converter.lnk
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
------------------------------------------------------------------------------------------------------------------------
OTL Extras logfile created on: 9/15/2009 1:05:26 AM - Run 1
OTL by OldTimer - Version 3.0.11.0 Folder = C:\Users\wynaut\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
986.35 Mb Total Physical Memory | 136.69 Mb Available Physical Memory | 13.86% Memory free
2.17 Gb Paging File | 0.59 Gb Available in Paging File | 27.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 15.72 Gb Free Space | 39.31% Space Free | Partition Type: NTFS
Drive D: | 80.00 Gb Total Space | 50.27 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive E: | 29.05 Gb Total Space | 9.62 Gb Free Space | 33.12% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WYNAUT-PC
Current User Name: wynaut
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2234774825-618922396-1169140598-1000\SOFTWARE\Classes\<extension>]
.html [@ = FlockHTML] -- C:\Program Files\Flock\flock.exe (Flock, Inc.)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0696F8ED-4E62-44B2-B9C3-CEAFD70E02C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B68A42F-C11E-4844-ADB4-206250374312}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25533C90-E147-4EFB-ABA0-A37F22495876}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5206D8CD-6238-4707-AF1B-15D4F0B8FD18}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{54E0B57B-3663-4201-9A0D-A393A1896F38}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6085BF24-D26D-4FF3-BEC3-C2EDD2B0D0E9}" = rport=2869 | protocol=6 | dir=out | app=system |
"{71E3BDD8-4D6B-47FF-B13B-AEC136048113}" = lport=2869 | protocol=6 | dir=in | app=system |
"{83D6C940-80D3-4676-A967-3B08CFDE08AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9641E0FC-C0DD-4C25-BA84-03087E41BFF6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{99D30D9E-3FEE-4B0B-9612-C079533635F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F5FA042-AF1E-44D2-9BC3-D39228529601}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C874F1E5-BBDC-46C8-B17E-A816F0D9D423}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C90FD80C-046B-49EC-B16D-A76CAC835E73}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E36B1C7F-461F-442E-83C6-61C092710F32}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E94230DC-6292-4A10-890F-5898944780B1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F677D21C-0F28-4A10-8CCD-0C7522C848A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0185BA16-9BF6-4E26-966F-F184EE9A591F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0277E5DE-F1BB-4029-8C20-F982394A5BD7}" = protocol=58 | dir=out | app=system |
"{03F3E9CF-7DE7-46A5-B1FF-35DAAC08E050}" = protocol=58 | dir=out | app=system |
"{046B5D53-D16E-4A6A-823E-74938FA0B59E}" = protocol=58 | dir=out | app=system |
"{0528686D-0E33-4408-9900-EF93E443804C}" = protocol=58 | dir=out | app=system |
"{09454DC0-6F04-4148-8BA4-8A88DCB70D57}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{0AE2FD2E-F36C-4581-992D-6288A0461F89}" = protocol=58 | dir=out | app=system |
"{0C8E44B2-EB89-4E50-AF8A-EE1446E6CC24}" = protocol=58 | dir=out | app=system |
"{0D4871F7-5035-4989-9097-272D65F9495B}" = protocol=58 | dir=out | app=system |
"{0EE27EDE-BC28-4E22-88BD-80AE3C5A3F9C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{10A5AB31-B642-4F18-9818-3EC23B5E2EF2}" = protocol=58 | dir=out | app=system |
"{1646F59C-FA4D-49E3-8267-777BA94D1643}" = protocol=58 | dir=out | app=system |
"{17A73E00-814A-4A76-AF92-75DAE355AB1C}" = protocol=58 | dir=out | app=system |
"{1A03DCDD-2377-4ABE-8BD1-781F2A67E63E}" = protocol=58 | dir=out | app=system |
"{1B68DA27-5CB5-4355-8289-586A1088A27E}" = protocol=58 | dir=out | app=system |
"{1FF24377-D0DB-48F2-937B-4EB9715BB861}" = protocol=58 | dir=out | app=system |
"{2095B4E1-E725-47BD-BC73-4809E32FD212}" = protocol=58 | dir=out | app=system |
"{216A8BDB-EA8D-44B9-BB26-633BEC4C41FA}" = protocol=58 | dir=out | app=system |
"{21E56BEF-463B-4CA6-9E13-743C996FC438}" = protocol=58 | dir=out | app=system |
"{22F36119-FBEC-4808-956B-217B37D9C7D0}" = protocol=58 | dir=out | app=system |
"{22F859A8-CB95-47B9-B63F-578598482A32}" = protocol=58 | dir=out | app=system |
"{239CF450-B737-4015-A975-BAD55FAE0601}" = protocol=58 | dir=out | app=system |
"{242C8DC2-96EB-44A4-81B5-C8187B4627A6}" = protocol=58 | dir=out | app=system |
"{24A321EB-7CD6-4774-A46D-8834BE4DDDDD}" = protocol=58 | dir=out | app=system |
"{24B0E95D-EF48-40B0-963A-6B72E2E803E1}" = protocol=58 | dir=out | app=system |
"{24CEFDCB-846C-4849-8D5E-E8AD84A9CDB3}" = protocol=58 | dir=out | app=system |
"{283271BB-B512-4B73-83B1-26D0DA0CC18E}" = protocol=58 | dir=out | app=system |
"{296A1072-F0ED-451D-91C8-39DB7AFEAD51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{299C476E-2853-4A72-B461-F74149832FFC}" = protocol=58 | dir=out | app=system |
"{2CAB9E8B-C8B3-44D5-A6DA-46CD4D2F99B4}" = protocol=58 | dir=out | app=system |
"{2DE5D8FE-D73E-4CD7-95DA-4BC2AA3EF2AD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E3EB88D-2F7D-41FE-AB75-3067021A173F}" = protocol=58 | dir=out | app=system |
"{3253FCEA-F0F8-46E4-81A4-DD4FBE9D4510}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{32CF2CF5-D878-47D0-BC25-54E041C93A21}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{346C6A95-7485-4F0C-9E89-C4D27F628A3D}" = protocol=58 | dir=out | app=system |
"{3589E5C1-14C2-4D65-BB37-D3942C6BC9C8}" = protocol=58 | dir=out | app=system |
"{3699D118-B2E2-498F-853A-77875B54F488}" = protocol=6 | dir=out | app=system |
"{3B6A0FAB-1936-4720-8A09-62C5B71895AF}" = protocol=58 | dir=out | app=system |
"{3C72E61B-AA1F-4BEC-BEFD-33767E4737CE}" = protocol=58 | dir=out | app=system |
"{3CD5BB01-4C68-4AE5-94C3-4013018763CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3F2FC4D3-82AE-4552-87BB-5A633240B3B6}" = protocol=58 | dir=out | app=system |
"{3FEB03C1-8DA1-42E5-BEFE-91C28D5158A6}" = protocol=58 | dir=out | app=system |
"{40526C7A-2A5B-4F5E-9745-D85A5A9568F4}" = protocol=58 | dir=out | app=system |
"{40BD988B-42A1-46F4-A3A5-D34128C9996E}" = protocol=58 | dir=out | app=system |
"{4412EDF9-DB5E-4BFC-A6CF-F807D90716B2}" = protocol=58 | dir=out | app=system |
"{46A4E696-0FDD-4C51-A417-9CF252CE7FBD}" = protocol=58 | dir=out | app=system |
"{48DC0000-C9A6-4491-88B7-1D171B2478F0}" = protocol=58 | dir=out | app=system |
"{4903D1F7-639D-4DCB-A06B-DE080FBC13AE}" = protocol=58 | dir=out | app=system |
"{4A3732DC-2804-4221-B544-79BA7AC37C03}" = protocol=58 | dir=out | app=system |
"{4ADD0C16-61E7-412C-8791-22CF3866BBE1}" = protocol=58 | dir=out | app=system |
"{4C30007C-3B38-4287-BC0A-097B0E8992AB}" = protocol=58 | dir=out | app=system |
"{4F4E23A4-684D-4029-BDE5-7D5E6CFA9A5D}" = protocol=58 | dir=out | app=system |
"{4FDA7D69-A081-4C54-BF5F-1B293BF70642}" = protocol=58 | dir=out | app=system |
"{4FFD80AA-609A-4E1C-83E5-7482743DB5B9}" = protocol=58 | dir=out | app=system |
"{50DD0CDD-6118-4735-9AB4-2B6799CAC7FE}" = protocol=58 | dir=out | app=system |
"{51FFB314-D9D4-48D6-AEA0-142650B4CAEA}" = protocol=58 | dir=out | app=system |
"{52B27B7E-C5CC-48DB-88B9-9DA830C7D410}" = protocol=58 | dir=out | app=system |
"{534346FE-2AC5-4251-B131-1612F6C26AAB}" = protocol=58 | dir=out | app=system |
"{54083A0A-FD6B-46FA-9A96-A1759BA8A55F}" = protocol=58 | dir=out | app=system |
"{548318C2-F2C0-4EBF-BC37-E7750864E086}" = protocol=58 | dir=out | app=system |
"{57611451-267A-41EF-B95C-23A338732685}" = protocol=58 | dir=out | app=system |
"{57F455CE-C5CB-4CFC-9734-6F561ABA0F6A}" = protocol=58 | dir=out | app=system |
"{5809F800-398C-4469-9FA5-1DCB83498927}" = protocol=58 | dir=out | app=system |
"{5A601CA0-A30B-4921-811E-D1218DA3D1ED}" = protocol=58 | dir=out | app=system |
"{5A8AD21A-3A0A-45B4-A247-553F02E0AAE4}" = protocol=58 | dir=out | app=system |
"{5A9249B9-A7D8-464B-B957-3B4CF9CA32DD}" = protocol=58 | dir=out | app=system |
"{60C4D3A5-BE9E-4F22-906A-19B5C38CD849}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62B1BCE5-E437-47E8-919C-4E1F3BC8C4D4}" = protocol=58 | dir=out | app=system |
"{654FF43B-5365-4594-AF2C-DE8671B6E672}" = protocol=58 | dir=out | app=system |
"{6775A423-D62E-4429-9B49-B0F1A076FEC0}" = protocol=58 | dir=out | app=system |
"{69B211FA-D5EE-4FDF-B1A9-9C217F7A5669}" = protocol=17 | dir=in | app=d:\program files\utorrent\utorrent.exe |
"{69CB7981-5109-44A4-9838-349C23F66061}" = protocol=58 | dir=out | app=system |
"{6AD1E59D-F35C-4C3A-B993-FD6AA4EB2505}" = protocol=58 | dir=out | app=system |
"{6AD7524F-EA24-4FF2-8349-9AC9B714583A}" = protocol=58 | dir=out | app=system |
"{6B758BA1-51DA-45FE-99E6-ED23E669B606}" = protocol=58 | dir=out | app=system |
"{6C6FAEE3-B268-470C-A9DD-2D306137FED9}" = protocol=58 | dir=out | app=system |
"{6D49C006-4B27-4056-8776-E783D057760F}" = protocol=58 | dir=out | app=system |
"{7079B757-7078-40D5-A8F2-D8C8AD3554D5}" = protocol=58 | dir=out | app=system |
"{71C60E0A-0C66-4DEF-8991-433F2B85808D}" = protocol=58 | dir=out | app=system |
"{7635DB7C-A50A-431F-BA3F-E8DECAF82EAB}" = protocol=58 | dir=out | app=system |
"{77067F3C-B23F-4F29-AD25-05177D873444}" = protocol=58 | dir=out | app=system |
"{79C09A03-F93A-40A5-9F2D-2FE29ABFFA6B}" = protocol=58 | dir=out | app=system |
"{7A87EE35-3841-40B9-9C96-3F9F627BEEBB}" = protocol=58 | dir=out | app=system |
"{7ABBB534-7C00-42F6-AF40-941068B05A53}" = protocol=58 | dir=out | app=system |
"{7BB84CA2-4ACD-4A40-9F91-1C4E43A624EF}" = protocol=58 | dir=out | app=system |
"{7CB905B1-C6B7-4816-BEDD-C8A1179B4024}" = protocol=58 | dir=out | app=system |
"{83050E80-BD46-4DE8-8BA4-7CCF9F5758F7}" = protocol=58 | dir=out | app=system |
"{84D6295F-8EDB-4412-AB49-2DB654C38B28}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84F45A1F-1AA9-4DE6-86A3-AA8F409025B2}" = protocol=58 | dir=out | app=system |
"{898D8AC5-9378-4FF0-A826-161203271B50}" = protocol=58 | dir=out | app=system |
"{89A28849-9E29-482E-BC69-787DF08703E9}" = protocol=58 | dir=out | app=system |
"{8A9F90B1-D6FD-460A-A140-A37CB0744BE4}" = protocol=58 | dir=out | app=system |
"{8D215EA2-FD30-45D3-AB63-7BC937A1EA17}" = protocol=58 | dir=out | app=system |
"{94BBE020-0754-4185-A6A5-1A1E133E0A34}" = protocol=58 | dir=out | app=system |
"{94EB0596-6E7F-4886-B89F-C9C45937B340}" = protocol=58 | dir=out | app=system |
"{957839DE-3E74-44BB-8510-E00C58A2EC21}" = protocol=58 | dir=out | app=system |
"{96F22279-1ACF-48A0-8157-838A72FDAA41}" = protocol=58 | dir=out | app=system |
"{9BD48E41-8DFA-4D5D-8452-1BF7E0827463}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9DFCF47B-20BA-421F-A7F7-E9C819C8B8AB}" = protocol=58 | dir=out | app=system |
"{9F0FF86D-0486-498C-886D-CD76BB7AD6E8}" = protocol=58 | dir=out | app=system |
"{A0F337E0-E3B0-4C88-8193-F41697E814E4}" = protocol=58 | dir=out | app=system |
"{A2E526F6-C966-4992-9219-2E9438366018}" = protocol=58 | dir=out | app=system |
"{A604F168-21D6-412C-9828-EF001DAA7EC7}" = protocol=58 | dir=out | app=system |
"{AEB7C83A-7FA5-4EFC-AE9F-359C998882FA}" = protocol=6 | dir=in | app=d:\program files\utorrent\utorrent.exe |
"{B65D5280-3805-4FEC-BB12-C8423F6ADB65}" = protocol=58 | dir=out | app=system |
"{B9D67E1D-DC55-47E6-9F2C-7BD968E1DB2E}" = protocol=58 | dir=in | app=system |
"{C33D4B92-4D59-41A1-A34A-24C7B9EE2D9E}" = protocol=58 | dir=out | app=system |
"{C397C3A7-A615-4FB5-8E35-9D2A8520D376}" = protocol=58 | dir=out | app=system |
"{C40A3174-4E93-484C-BA44-4F2851BD5441}" = protocol=58 | dir=out | app=system |
"{C49825B9-8C90-4B8D-9871-856F0AB4C9F8}" = protocol=58 | dir=out | app=system |
"{C9B795D9-1486-4008-B1C9-423552CF1C6C}" = protocol=58 | dir=out | app=system |
"{CAAB8D36-8D55-43BA-BA11-1D5706FDC5D4}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{D49E30D8-6421-45A6-9D5D-7C5020958894}" = protocol=58 | dir=out | app=system |
"{DABF942B-FA31-421B-9F8F-F198E4DD5CF7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DCF5FFC4-D64D-4033-BC8F-8117BE8C7D82}" = protocol=58 | dir=out | app=system |
"{DFF845CF-9D2E-4D7B-AB60-59F2DDD459EB}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E4579314-4622-4EC4-9A17-0F1146FC8455}" = protocol=58 | dir=out | app=system |
"{E4AD4142-2D20-48E4-8E89-D8C77F23BBCD}" = protocol=58 | dir=out | app=system |
"{E967678F-3E9F-44F8-A737-E40183561459}" = protocol=58 | dir=out | app=system |
"{EBD2F816-83B0-49E5-B79C-74AC5C037A29}" = protocol=58 | dir=out | app=system |
"{EC62D428-5E17-46C8-ADD6-DBD6892CBB92}" = protocol=58 | dir=out | app=system |
"{ED9A68C9-30EA-45AE-864C-D04C587AFDA1}" = protocol=58 | dir=out | app=system |
"{EF268456-6431-405D-9B89-6A4AC73AAE57}" = protocol=58 | dir=out | app=system |
"{EF560620-888F-4EE0-9B6C-0BE907510E31}" = protocol=58 | dir=out | app=system |
"{F03D4240-5963-42F9-8E00-E98E1E904BA1}" = protocol=58 | dir=out | app=system |
"{F5281413-9C86-4F83-9EFD-19F8385B8CBD}" = protocol=58 | dir=out | app=system |
"{FA09B38A-3828-452C-9911-8949E39D546E}" = protocol=58 | dir=out | app=system |
"{FCCC3663-3DD1-45A7-BD15-0192413BB1DF}" = protocol=58 | dir=out | app=system |
"{FE944023-403E-427B-8FFE-DBCE8DFB86FB}" = protocol=58 | dir=out | app=system |
"{FF844BA7-31F3-45B1-BA17-D365BB590E0C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"TCP Query User{0651974F-1989-4B3B-B65A-37D99842CF9F}D:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\war3.exe |
"TCP Query User{139469E4-9C38-4CD6-9E7E-64DEF1C42EA3}H:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=h:\warcraft iii\war3.exe |
"TCP Query User{48E6AD82-3F1A-4D35-9212-35DE2A3E914A}C:\users\wynaut\desktop\warcraft 1.20\war3.exe" = protocol=6 | dir=in | app=c:\users\wynaut\desktop\warcraft 1.20\war3.exe |
"TCP Query User{558D1156-F0BD-4282-A6A8-06023BCA40FB}D:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=d:\program files\hamachi\hamachi.exe |
"TCP Query User{82C3E6EE-BB0C-4416-B66F-65E9BF15B114}C:\users\wynaut\desktop\warcraft\war3.exe" = protocol=6 | dir=in | app=c:\users\wynaut\desktop\warcraft\war3.exe |
"TCP Query User{8C66C7D0-976B-4BD2-8FFA-8F23037C22F5}G:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\warcraft iii\war3.exe |
"TCP Query User{B6A03BAB-0A37-46E3-BD03-36F4E955F992}D:\games\warcraft iii\garena\garena.exe" = protocol=6 | dir=in | app=d:\games\warcraft iii\garena\garena.exe |
"TCP Query User{BDB33BA4-5F9A-4C20-ABB1-8322707977C2}D:\games\garena\garena.exe" = protocol=6 | dir=in | app=d:\games\garena\garena.exe |
"TCP Query User{FE33DD3A-E23E-442E-B49C-1EFFB3FF13D8}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"UDP Query User{118568BB-5AD4-4478-B815-E561688FE4F5}H:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=h:\warcraft iii\war3.exe |
"UDP Query User{13055CB0-26D0-40DF-AD75-21295938DD6C}D:\games\garena\garena.exe" = protocol=17 | dir=in | app=d:\games\garena\garena.exe |
"UDP Query User{286D177C-6124-4B44-AAC3-56AB29EF6FB3}C:\users\wynaut\desktop\warcraft 1.20\war3.exe" = protocol=17 | dir=in | app=c:\users\wynaut\desktop\warcraft 1.20\war3.exe |
"UDP Query User{3033F15A-8298-43A6-A9A3-483365E7303C}D:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\war3.exe |
"UDP Query User{4E8FF32E-E5FD-420B-BA34-6CDB33C9A4FB}D:\games\warcraft iii\garena\garena.exe" = protocol=17 | dir=in | app=d:\games\warcraft iii\garena\garena.exe |
"UDP Query User{6D25F442-66B3-4081-AE1D-AAD38E3442DD}C:\users\wynaut\desktop\warcraft\war3.exe" = protocol=17 | dir=in | app=c:\users\wynaut\desktop\warcraft\war3.exe |
"UDP Query User{7164AB33-935D-47AB-AF37-7488EAD6D71F}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"UDP Query User{88BABA68-941C-4871-85DC-542DD0A10E72}G:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\warcraft iii\war3.exe |
"UDP Query User{F7F63C24-F67F-41C5-929A-F0AD77776808}D:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=d:\program files\hamachi\hamachi.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6202
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19ABE7AD-B0E6-4B5F-A2C1-35EAC9B05542}" = Prerequirements
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4EFE49A6-61A3-45B7-8EA2-CCE4A9A8F0E4}" = MySQL Tools for 5.0
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 5.2.6
"{63A5DC0D-1EDD-4D69-8F31-87FAEB1F7084}" = Microsoft SQL Server 2005 Notification Services
"{63B28D9D-4DB9-4DA9-82B4-5359061E22DE}" = MySQL Server 5.0
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80C06CCD-7D07-3DB6-86CD-B57B3F0614D8}" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{982DB00A-9C4E-436B-8707-18E113BAA44C}" = Microsoft SQL Server 2005 Analysis Services
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F238A60-C445-4B81-8EDE-07DC924E98F8}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}" = A4 TECH PC Camera H
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = A4 TECH PC Camera H
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A41F96-7231-4AE8-A654-EEB34F935462}" = Microsoft SQL Server 2005 Integration Services
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB3F5C2A-0754-38B8-8722-7B537006BF46}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast!" = avast! Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flock (2.5.2)" = Flock (2.5.2)
"Garena" = Garena
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.38
"LameACM" = LameACM
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio Team System 2008 Team Suite - ENU" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"Prerequirements" = Prerequirements
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Total Video Converter 3.10_is1" = Total Video Converter 3.10
"USB Disk Security_is1" = USB Disk Security 5.1.0.15
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.1
"WampServer 2_is1" = WampServer 2.0
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"Wubi" = Ubuntu
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2234774825-618922396-1169140598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 7/8/2009 5:32:24 PM | Computer Name = wynaut-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\wynaut\AppData\Roaming\Flock\Browser\Profiles\tr0jnojn.default\flock-data.sqlite
failed, 00000005.
Error - 8/15/2009 11:36:06 PM | Computer Name = wynaut-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://124.108.114.77/ph.f768.mail.yaho ... d_response failed, 00000084.
Error - 8/15/2009 11:36:10 PM | Computer Name = wynaut-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\wynaut\Downloads\tvc.exe.part failed, 00000084.
[ Application Events ]
Error - 9/13/2009 7:09:02 AM | Computer Name = wynaut-PC | Source = Perflib | ID = 1000
Description =
Error - 9/13/2009 9:37:34 PM | Computer Name = wynaut-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 9.0\Common7\Tools\AtlTraceTool8.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 9/13/2009 9:37:34 PM | Computer Name = wynaut-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 9.0\Common7\Tools\spyxx.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 9/13/2009 9:37:34 PM | Computer Name = wynaut-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
SDKs\Windows\v6.0A\bin\guidgen.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 9/13/2009 9:38:43 PM | Computer Name = wynaut-PC | Source = Perflib | ID = 1000
Description =
Error - 9/13/2009 11:51:11 PM | Computer Name = wynaut-PC | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 9.0.0.2162, time
stamp 0x4a1cb91c, faulting module YCPFoundation.dll, version 9.0.0.54871, time stamp
0x4a1cbc3f, exception code 0xc0000005, fault offset 0x00026cf0, process id 0x1688,
application start time 0x01ca34dfb6297b02.
Error - 9/14/2009 1:27:59 AM | Computer Name = wynaut-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 9.0\Common7\Tools\AtlTraceTool8.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 9/14/2009 1:27:59 AM | Computer Name = wynaut-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
Visual Studio 9.0\Common7\Tools\spyxx.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 9/14/2009 1:28:00 AM | Computer Name = wynaut-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Microsoft
SDKs\Windows\v6.0A\bin\guidgen.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 9/14/2009 1:29:16 AM | Computer Name = wynaut-PC | Source = Perflib | ID = 1000
Description =
[ System Events ]
Error - 9/13/2009 8:59:01 AM | Computer Name = wynaut-PC | Source = DCOM | ID = 10010
Description =
Error - 9/13/2009 8:59:03 AM | Computer Name = wynaut-PC | Source = DCOM | ID = 10010
Description =
Error - 9/13/2009 9:38:51 PM | Computer Name = wynaut-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 9/13/2009 9:38:51 PM | Computer Name = wynaut-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 9/13/2009 10:14:24 PM | Computer Name = wynaut-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.
Error - 9/13/2009 10:51:37 PM | Computer Name = wynaut-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.
Error - 9/14/2009 1:29:08 AM | Computer Name = wynaut-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 9/14/2009 1:29:08 AM | Computer Name = wynaut-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 9/14/2009 8:44:37 AM | Computer Name = wynaut-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.
Error - 9/14/2009 8:44:37 AM | Computer Name = wynaut-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.104,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.
< End of report >