Any services which my PC doesn't need running?



#1 somchaigirl


Posted 16 November 2009 - 10:04 AM

After following this website's (hxxp://www.blackviper.com/WinVista/servicecfg.htm) 'safe' instructions for Vista's services.msc running list, my boot time is still lacking.

Could it be further tweaked by disabling or putting any services into manual mode?

Here's the HijackThis log. Perhaps I should use another program to take a snapshot of the running services :( ?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:32, on 11/16/2009
Platform: Windows Vista SP2, v.113 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\kmw_run.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Hmonitor\hmonitor.exe
C:\Windows\vsnpstd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.127.100 www.bing.com
O1 - Hosts: 74.125.127.100 bing.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [TrialReset] C:\Windows\regx32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AED9D0CB-57F8-4238-9499-67C22FB29868}: NameServer = 203.144.207.49 203.144.207.29
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5327 bytes

Edited by Orange Blossom, 19 November 2009 - 10:21 PM.
Disable link, just in case. ~ OB



#2 somchaigirl


Posted 21 November 2009 - 07:24 AM

Thanks for playing it safe OB :(

#3 myrti


Posted 24 November 2009 - 04:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

If you don't think your PC is infected, this may not be the best place to ask and a Hijackthis log won't help much for tweaking your PC.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#4 somchaigirl


Posted 27 November 2009 - 11:33 PM

Okay, here are the two logs,

OTL logfile created on: 11/28/2009 09:39:20 - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Users\XPUSA\Desktop
Windows Vista Ultimate Edition Service Pack 2, v.113 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.09% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32.08 Gb Total Space | 5.98 Gb Free Space | 18.64% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 35.06 Gb Free Space | 89.74% Space Free | Partition Type: NTFS
Drive E: | 6.20 Gb Total Space | 3.03 Gb Free Space | 48.90% Space Free | Partition Type: NTFS
Drive F: | 35.46 Gb Total Space | 32.07 Gb Free Space | 90.43% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 4.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
Drive K: | 244.73 Gb Total Space | 2.28 Gb Free Space | 0.93% Space Free | Partition Type: NTFS
Drive L: | 221.03 Gb Total Space | 61.29 Gb Free Space | 27.73% Space Free | Partition Type: NTFS

Computer Name: XPUSA-LT
Current User Name: XPUSA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/27 06:01:06 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Users\XPUSA\Desktop\OTL.exe
PRC - [2008/12/03 04:50:54 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/22 15:12:34 | 01,333,016 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2008/07/04 01:57:56 | 00,285,327 | ---- | M] () -- C:\Windows\regx32.exe
PRC - [2008/02/20 11:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008/02/20 11:06:58 | 01,443,072 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/01/18 23:33:40 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2008/01/18 23:33:34 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/18 23:33:02 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2007/03/30 14:16:16 | 00,344,064 | ---- | M] () -- C:\Windows\vsnpstd.exe
PRC - [2006/08/03 11:47:16 | 00,106,496 | ---- | M] (Kensington Technology Group) -- C:\Windows\System32\kmw_run.exe
PRC - [2004/10/13 14:24:48 | 00,286,720 | ---- | M] (AB Software) -- C:\Program Files\Hmonitor\hmonitor.exe


========== Modules (SafeList) ==========

MOD - [2009/11/27 06:01:06 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Users\XPUSA\Desktop\OTL.exe
MOD - [2008/10/17 21:14:16 | 01,683,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.16497_none_5cc0004408832c27\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (stllssvr)
SRV - [2009/06/02 06:26:18 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/04 11:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/22 15:12:34 | 01,333,016 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/04 10:35:32 | 00,692,224 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008/02/20 11:14:52 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008/02/20 11:08:46 | 00,472,320 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/01/18 23:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 23:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/18 23:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/08/25 12:20:38 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2006/11/02 19:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 19:34:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/02/24 15:30:50 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/06/18 19:45:02 | 04,172,832 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2009/05/15 05:17:40 | 00,043,520 | ---- | M] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2009/03/19 13:48:18 | 00,136,704 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/03/19 13:48:12 | 00,008,320 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/02/09 07:37:56 | 00,007,808 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 07:37:48 | 00,007,808 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 07:37:46 | 00,022,016 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 07:37:46 | 00,017,664 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/01/08 18:00:54 | 00,016,640 | ---- | M] (Wondershare) -- C:\Windows\System32\drivers\AsAudioDevice_351.sys -- (AsAudioDevice_351)
DRV - [2008/09/27 19:41:33 | 00,035,363 | ---- | M] () -- C:\Windows\System32\windrvNT.sys -- (windrvNT)
DRV - [2008/09/26 17:06:24 | 00,129,824 | ---- | M] (Paragon) -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2008/09/26 17:06:24 | 00,032,048 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2008/08/26 10:26:12 | 00,018,816 | ---- | M] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/04 13:35:38 | 03,847,168 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/02/26 05:54:02 | 00,043,520 | ---- | M] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\fetnd5bv.sys -- (FET5X86V)
DRV - [2008/02/20 11:11:16 | 00,033,800 | ---- | M] () -- C:\Windows\System32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008/02/20 11:02:22 | 00,029,704 | ---- | M] (ESET) -- C:\Windows\System32\drivers\easdrv.sys -- (easdrv)
DRV - [2008/02/20 11:01:30 | 00,039,944 | ---- | M] (ESET) -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/01/18 23:41:26 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/18 21:57:18 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2008/01/18 21:57:16 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/18 21:53:24 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV - [2007/07/23 21:55:24 | 00,006,656 | ---- | M] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2007/07/20 18:50:08 | 00,471,808 | ---- | M] (eMPIA Technology, Inc.) -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007/06/14 17:09:08 | 00,201,216 | ---- | M] (eMPIA Technology Inc.) -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2007/05/14 17:29:30 | 00,033,408 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2007/05/12 16:57:25 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\Pcouffin.sys -- (Pcouffin)
DRV - [2007/03/29 14:54:40 | 00,384,384 | ---- | M] () -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)
DRV - [2006/11/02 16:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 16:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 16:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 16:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 16:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 16:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 16:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 16:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 16:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 16:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 16:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 16:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 16:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 16:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 16:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 16:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 16:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 16:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 16:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 16:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 16:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 16:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 16:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 16:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 16:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 16:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 16:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 16:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 16:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 16:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 16:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 16:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 16:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 16:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 15:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 15:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 15:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 15:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 15:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 15:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 14:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 14:36:49 | 00,068,096 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\ac97via.sys -- (VIAudio)
DRV - [2006/11/02 14:30:56 | 00,045,568 | ---- | M] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\fetnd5.sys -- (FETNDIS)
DRV - [2006/11/02 14:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 13:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/09 21:55:00 | 04,428,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/08/03 11:46:50 | 00,005,376 | ---- | M] (Kensington Technology Group) -- C:\Windows\System32\drivers\kmw_kbd.sys -- (KMW_KBD)
DRV - [2005/05/23 10:31:46 | 01,034,752 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/23 10:30:50 | 00,229,376 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/05/23 10:30:42 | 00,716,288 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/04/06 10:39:08 | 00,007,188 | ---- | M] () -- C:\Windows\System32\drivers\Hmonitor.sys -- (hmonitor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/05/07 22:38:17 | 00,000,000 | ---D | M]


O1 HOSTS File: (304405 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10486 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe (AB Software)
O4 - HKLM..\Run: [kmw_run.exe] C:\Windows\System32\kmw_run.exe (Kensington Technology Group)
O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrialReset] C:\Windows\regx32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Windows\system32\logonuiX.exe) - C:\Windows\System32\logonuiX.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 04:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e90f412c-f248-11db-956a-00142a1fb183}\Shell\AutoRun\command - "" = rthrw.com
O33 - MountPoints2\{e90f412c-f248-11db-956a-00142a1fb183}\Shell\explore\Command - "" = rthrw.com
O33 - MountPoints2\{e90f412c-f248-11db-956a-00142a1fb183}\Shell\open\Command - "" = rthrw.com
O34 - HKLM BootExecute: (autocheck) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/27 06:00:36 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Users\XPUSA\Desktop\OTL.exe
[2009/11/25 18:57:32 | 00,000,000 | ---D | C] -- C:\Users\XPUSA\AppData\Local\Adobe
[2009/11/25 06:11:30 | 00,000,000 | ---D | C] -- C:\Users\XPUSA\AppData\Local\Ahead
[2009/11/20 11:28:05 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devcon.exe
[2009/11/15 15:08:26 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/11/15 15:08:25 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/11/15 15:07:40 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/11/15 15:07:40 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/11/15 15:07:40 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/11/15 15:07:13 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/11/15 15:07:12 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/11/08 21:20:28 | 00,000,000 | ---D | C] -- C:\Users\XPUSA\Desktop\Gentle Art of Verbal Self-Defense - Suzette Elgin
[2009/11/02 00:00:26 | 00,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2009/05/13 06:42:01 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Program Files\ATF-Cleaner.exe
[2007/08/15 21:55:20 | 00,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2007/08/15 21:55:19 | 00,061,440 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd.dll
[2007/08/15 21:55:17 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll

========== Files - Modified Within 30 Days ==========

[2009/11/28 09:51:00 | 07,602,176 | ---- | M] () -- C:\Users\XPUSA\ntuser.dat
[2009/11/28 09:23:51 | 00,006,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/28 09:23:51 | 00,006,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/28 09:20:19 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/28 09:20:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/27 06:01:06 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Users\XPUSA\Desktop\OTL.exe
[2009/11/23 20:07:26 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/11/23 18:08:57 | 00,626,348 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/23 18:08:57 | 00,107,334 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/23 18:08:56 | 00,728,682 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/22 19:51:23 | 00,524,288 | -HS- | M] () -- C:\Users\XPUSA\ntuser.dat{5dc4d70c-4540-11de-a94e-f5825602f6e8}.TMContainer00000000000000000001.regtrans-ms
[2009/11/22 19:51:23 | 00,065,536 | -HS- | M] () -- C:\Users\XPUSA\ntuser.dat{5dc4d70c-4540-11de-a94e-f5825602f6e8}.TM.blf
[2009/11/22 19:51:18 | 03,780,015 | -H-- | M] () -- C:\Users\XPUSA\AppData\Local\IconCache.db
[2009/11/22 11:51:24 | 00,159,607 | ---- | M] () -- C:\Windows\Marsu-Fix 2.5 Uninstaller.exe
[2009/11/21 19:34:11 | 00,064,000 | ---- | M] () -- C:\Users\XPUSA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/21 19:15:15 | 00,000,000 | ---- | M] () -- C:\Users\XPUSA\vssadmin
[2009/11/15 11:00:56 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/14 11:09:30 | 00,000,032 | ---- | M] () -- C:\Windows\0

========== Files Created - No Company Name ==========

[2009/11/22 11:51:23 | 00,159,607 | ---- | C] () -- C:\Windows\Marsu-Fix 2.5 Uninstaller.exe
[2009/11/21 19:15:15 | 00,000,000 | ---- | C] () -- C:\Users\XPUSA\vssadmin
[2009/09/29 20:09:57 | 00,031,628 | ---- | C] () -- C:\Users\XPUSA\AppData\Roaming\NMM-MetaData.db
[2009/06/01 23:27:24 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/04/14 07:43:32 | 00,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2009/02/09 10:23:31 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/11/30 23:12:40 | 00,015,424 | ---- | C] () -- C:\Windows\System32\drivers\nod32drv.sys
[2008/11/21 18:26:43 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/10/26 14:04:39 | 00,682,266 | ---- | C] () -- C:\Windows\Fonts\unins000.exe
[2008/09/27 19:32:16 | 00,110,592 | ---- | C] () -- C:\Windows\System32\suppdll.dll
[2008/09/27 19:31:56 | 00,035,363 | ---- | C] () -- C:\Windows\System32\windrvNT.sys
[2008/09/27 10:04:34 | 00,000,011 | ---- | C] () -- C:\Windows\EuBcd.ini
[2008/07/14 22:36:19 | 00,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008/07/08 03:27:00 | 00,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/03/13 04:17:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/02/20 11:11:16 | 00,033,800 | ---- | C] () -- C:\Windows\System32\drivers\epfwtdir.sys
[2007/10/04 10:41:54 | 00,000,094 | -H-- | C] () -- C:\Windows\System32\spv1_WCssg.ini
[2007/08/20 21:03:36 | 00,000,080 | RHS- | C] () -- C:\Windows\System32\C900869702.dll
[2007/08/15 21:55:25 | 00,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
[2007/08/15 21:55:22 | 00,384,384 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2007/08/02 19:57:17 | 00,077,312 | ---- | C] () -- C:\Windows\ua2.dll
[2007/06/23 20:28:13 | 00,000,093 | ---- | C] () -- C:\Users\XPUSA\AppData\Local\fusioncache.dat
[2007/05/04 18:10:10 | 00,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/05/03 15:17:48 | 00,002,032 | ---- | C] () -- C:\Users\XPUSA\AppData\Local\d3d9caps.dat
[2007/05/03 09:14:26 | 00,000,000 | ---- | C] () -- C:\Users\XPUSA\AppData\Local\rx_image.Cache
[2007/04/28 21:57:26 | 00,014,848 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007/04/28 15:52:20 | 00,000,209 | ---- | C] () -- C:\Windows\LogonStudio.ini
[2007/04/28 15:51:45 | 00,187,392 | ---- | C] () -- C:\Windows\System32\JPGUtils.dll
[2007/04/17 13:20:35 | 00,013,840 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2007/04/16 18:16:47 | 02,565,046 | ---- | C] () -- C:\Windows\System32\drivers\SysLib.sys
[2007/04/16 18:16:47 | 00,031,877 | ---- | C] () -- C:\Windows\System32\drivers\BkavAuto.sys
[2007/04/16 15:19:08 | 00,064,000 | ---- | C] () -- C:\Users\XPUSA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/02 19:34:20 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 14:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/27 08:26:56 | 00,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006/08/16 13:47:38 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2005/07/16 01:35:56 | 00,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/16 01:35:56 | 00,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/16 01:35:24 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2004/04/06 10:39:08 | 00,007,188 | ---- | C] () -- C:\Windows\System32\drivers\Hmonitor.sys
[2003/10/17 00:00:00 | 03,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2003/10/17 00:00:00 | 00,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 791 bytes -> C:\ProgramData\TEMP:08279447
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:638E6F6B
< End of report >


OTL Extras logfile created on: 11/28/2009 09:39:32 - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Users\XPUSA\Desktop
Windows Vista Ultimate Edition Service Pack 2, v.113 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.09% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32.08 Gb Total Space | 5.98 Gb Free Space | 18.64% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 35.06 Gb Free Space | 89.74% Space Free | Partition Type: NTFS
Drive E: | 6.20 Gb Total Space | 3.03 Gb Free Space | 48.90% Space Free | Partition Type: NTFS
Drive F: | 35.46 Gb Total Space | 32.07 Gb Free Space | 90.43% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 4.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
Drive K: | 244.73 Gb Total Space | 2.28 Gb Free Space | 0.93% Space Free | Partition Type: NTFS
Drive L: | 221.03 Gb Total Space | 61.29 Gb Free Space | 27.73% Space Free | Partition Type: NTFS

Computer Name: XPUSA-LT
Current User Name: XPUSA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1084266590-3323777329-4279141338-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CABA74D-3D7B-4BF9-BE1F-9713631831FD}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{2DEE6EC5-893C-4C7A-BC41-013120180CF3}" = protocol=17 | dir=in | app=c:\program files\common files\sonic shared\roxioupnprenderer9.exe |
"{31ECE337-52ED-4B55-98AE-12622A7BF31A}" = protocol=6 | dir=in | app=c:\program files\common files\sonic shared\roxioupnprenderer9.exe |
"{51AF8E82-2516-42CB-A0A4-7E41383A8E26}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{931219A8-59C6-4B6C-AD66-1F65842902A9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A8A505B1-B0EF-4BA3-91C8-2FE353C36CB9}" = protocol=17 | dir=in | app=c:\program files\common files\sonic shared\roxioupnprenderer9.exe |
"{BC9B086A-50BE-40ED-ACE3-211695EE7403}" = protocol=6 | dir=in | app=c:\program files\common files\sonic shared\roxioupnprenderer9.exe |
"{BEDD2639-B4D0-45AC-84F7-9788B0F363D1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C0ADE614-1E44-40E3-84E0-D0B9A783ACB3}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil.exe |
"{F0B9DD2D-9423-4F37-A4CD-6C2F3939C39E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"TCP Query User{1AB5B9B7-52F8-439E-A368-379BA41ED76D}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{5EF4C31B-2287-4230-AA2F-76F78AFC73DD}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{62E6DDD3-B806-4C34-AE3F-29D2CB2E4D25}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{7FDEDE33-2835-48D9-869F-81C710E936EC}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{81B94406-72C1-4C8E-871A-485FC6FBAE80}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{FEA8B83B-5C32-4ADD-B24F-EDB31C74BB30}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{230FC1C1-7E28-4301-B5E5-68B135F7A8DD}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{53FC0AFF-073B-47BB-ABEB-9700158BBDC4}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{A68A330F-0AF8-4CCD-A2FD-47AD3462B696}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{A6E040CC-16D7-4CF2-A3EE-B9F9C09A9A74}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BE49EC62-AAD9-4267-B007-50066EAAF229}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{CAEDE6CC-A0C9-4619-A330-DE38F89D140D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4C78937F-0C8E-11D9-A3EB-0001025FA304}" = Kensington MouseWorks
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = VideoCAM Messenger
"{593D4F8A-5F11-4901-A74A-6E7971E45790}" = Diskeeper 2009 Pro Premier
"{5B6E531D-6FF1-F54C-B037-42E9F00A1B08}" = Catalyst Control Center Graphics Light
"{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}" = Catalyst Control Center - Branding
"{61381335-5A73-C2F2-8841-4C59551E4D51}" = Skins
"{619D2F26-89F8-47E4-E358-6149AC3D5E8A}" = ccc-utility
"{6C30E300-8DDA-2F11-0B99-405F7DC83C7A}" = Catalyst Control Center InstallProxy
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7D974ACA-4EE5-412C-8E6A-A5B57B305727}" = ESET NOD32 Antivirus
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{A8AAE765-CD28-2806-0C3E-56EBB64FA5A5}" = ATI Catalyst Install Manager
"{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BE4433ED-7406-47A8-6EFC-F366F15C14E5}" = ccc-core-static
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8 Ultra Edition HD
"{E15913B1-880E-A50A-DE4B-D88F68051E2A}" = Catalyst Control Center Graphics Previews Vista
"{ECE31E0E-9673-50E9-3392-15B9BABF7975}" = CCC Help English
"{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}" = Snagit 9.1.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5C90C9A-0D99-D416-1153-D2A2DFC9905E}" = Catalyst Control Center Graphics Full New
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB1C4FC2-5D1B-EB4F-D823-DC42A4D77734}" = Catalyst Control Center Graphics Full Existing
"{FF4854C7-1A19-93C9-AC9E-7A6F814D927B}" = Catalyst Control Center Core Implementation
"5 Line Slots" = 5 Line Slots
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8461-7759-5462-8226" = Vuze
"Acala DVD Copy_is1" = Acala DVD Copy 2.5.8
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adventure Inlay" = Adventure Inlay
"Adventure Inlay - Safari Edition" = Adventure Inlay - Safari Edition
"Aimersoft MKV Converter_is1" = Aimersoft MKV Converter(Build 2.2.0.37)
"Air Strike 3D" = Air Strike 3D
"Alien Sky" = Alien Sky
"Aloha Solitaire" = Aloha Solitaire
"Ancient Tripeaks" = Ancient Tripeaks
"Astrobatics" = Astrobatics
"Atomaders" = Atomaders
"Bejeweled 2" = Bejeweled 2
"Belltech Business Card Designer Pro 4.0_is1" = Belltech Business Card Designer Pro 4.0
"Big Kahuna Reef" = Big Kahuna Reef
"Boggle Supreme" = Boggle Supreme
"Bounce Out Blitz" = Bounce Out Blitz
"Candy Cruncher" = Candy Cruncher
"Casino Island To Go" = Casino Island To Go
"CDisplay_is1" = CDisplay 1.8
"Chainz" = Chainz
"Charm Solitaire" = Charm Solitaire
"Charm Tale" = Charm Tale
"Chuzzle Deluxe" = Chuzzle Deluxe
"CleanMem" = CleanMem
"Collapse! Crunch" = Collapse! Crunch
"Combo Chaos!" = Combo Chaos!
"Crystal Path" = Crystal Path
"Cubis Gold 2" = Cubis Gold 2
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0)
"Digby's Donuts" = Digby's Donuts
"Diner Dash" = Diner Dash
"Dorgem_is1" = Dorgem 2.1.0
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
"eMule" = eMule
"EXCEL" = Microsoft Office Excel 2007
"Feeding Frenzy" = Feeding Frenzy
"Fiber Twig" = Fiber Twig
"Flip Words" = Flip Words
"FLVPlayer" = FLV Player 1.3.3
"Fruit Frolic" = Fruit Frolic
"Gearz" = Gearz
"Gutterball" = Gutterball
"Gutterball 2" = Gutterball 2
"Hamsterball" = Hamsterball
"Hardware sensors monitor 4.1_is1" = Hardware sensors monitor 4.1
"Hello! from GameHouse" = Hello! from GameHouse
"HijackThis" = HijackThis 2.0.2
"Holiday Express" = Holiday Express
"Iggle Pop!" = Iggle Pop!
"Incadia" = Incadia
"Incredible Ink" = Incredible Ink
"Insaniquarium Deluxe" = Insaniquarium Deluxe
"Inspector Parker" = Inspector Parker
"Jewel Quest" = Jewel Quest
"Lemonade Tycoon" = Lemonade Tycoon
"Letter Linker" = Letter Linker
"Luxor" = Luxor
"Mad Caps" = Mad Caps
"Magic Ball 2 New Worlds" = Magic Ball 2 New Worlds
"Magic Ball Deluxe" = Magic Ball Deluxe
"Magic Inlay" = Magic Inlay
"Mah Jong Medley" = Mah Jong Medley
"Mah Jong Quest" = Mah Jong Quest
"Mahjong Garden To Go" = Mahjong Garden To Go
"Mahjong Towers Eternity" = Mahjong Towers Eternity
"Marsu-Fix 2.5" = Marsu-Fix 2.5
"Maui Wowee" = Maui Wowee
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
"Nickelodeon Jigsaw Blue" = Nickelodeon Jigsaw Blue
"Nickelodeon Jigsaw Dora" = Nickelodeon Jigsaw Dora
"Nickelodeon Jigsaw Neutron" = Nickelodeon Jigsaw Neutron
"Nickelodeon Jigsaw OddParents" = Nickelodeon Jigsaw OddParents
"Nickelodeon Jigsaw SpongeBob" = Nickelodeon Jigsaw SpongeBob
"Nokia PC Suite" = Nokia PC Suite
"OEMInformation" = OEM Logo and Information
"Photodex Presenter" = Photodex Presenter
"Pizza Frenzy" = Pizza Frenzy
"Platypus" = Platypus
"Poker Superstars" = Poker Superstars
"POWERPOINT" = Microsoft Office PowerPoint 2007
"ProShow Gold" = ProShow Gold
"Puzzle Express" = Puzzle Express
"Puzzle Inlay" = Puzzle Inlay
"Puzzle Solitaire" = Puzzle Solitaire
"QBz" = QBz
"Registry Mechanic_is1" = Registry Mechanic 5.1
"Ricochet Lost Worlds" = Ricochet Lost Worlds
"Ricochet Lost Worlds: Recharged" = Ricochet Lost Worlds: Recharged
"SCRABBLE" = SCRABBLE
"Shape Shifter" = Shape Shifter
"Slingo Deluxe" = Slingo Deluxe
"Spelvin" = Spelvin
"Splash" = Splash
"Spring Sprang Sprung" = Spring Sprang Sprung
"Super Blackjack! from GameHouse" = Super Blackjack! from GameHouse
"Super Bounce Out! from GameHouse" = Super Bounce Out! from GameHouse
"Super Collapse! from GameHouse" = Super Collapse! from GameHouse
"Super Collapse! II Platinum" = Super Collapse! II Platinum
"Super GameHouse Solitaire Vol. 1" = Super GameHouse Solitaire Vol. 1
"Super GameHouse Solitaire Vol. 2" = Super GameHouse Solitaire Vol. 2
"Super GameHouse Solitaire Vol. 3" = Super GameHouse Solitaire Vol. 3
"Super Gem Drop" = Super Gem Drop
"Super Glinx! from GameHouse" = Super Glinx! from GameHouse
"Super Jigsaw Anne Geddes "Down in the Garden"" = Super Jigsaw Anne Geddes "Down in the Garden"
"Super Jigsaw Butterflies" = Super Jigsaw Butterflies
"Super Jigsaw Flowers" = Super Jigsaw Flowers
"Super Jigsaw GameHouse Demo" = Super Jigsaw GameHouse Demo
"Super Jigsaw GameHouse Demo 2004" = Super Jigsaw GameHouse Demo 2004
"Super Jigsaw GreatArt" = Super Jigsaw GreatArt
"Super Jigsaw Kinkade" = Super Jigsaw Kinkade
"Super Jigsaw Kinkade Holiday" = Super Jigsaw Kinkade Holiday
"Super Jigsaw Landscapes" = Super Jigsaw Landscapes
"Super Jigsaw Lighthouses" = Super Jigsaw Lighthouses
"Super Jigsaw Medley" = Super Jigsaw Medley
"Super Jigsaw Medley 2" = Super Jigsaw Medley 2
"Super Jigsaw Pets" = Super Jigsaw Pets
"Super Jigsaw Starter" = Super Jigsaw Starter
"Super Jigsaw USA Starter" = Super Jigsaw USA Starter
"Super Jigsaw Variety" = Super Jigsaw Variety
"Super Jigsaw Wyland" = Super Jigsaw Wyland
"Super Mah Jong from GameHouse" = Super Mah Jong from GameHouse
"Super Nisqually from GameHouse" = Super Nisqually from GameHouse
"Super Pool" = Super Pool
"Super Pop && Drop!" = Super Pop && Drop!
"Super Rumble Cube" = Super Rumble Cube
"Super SpongeBob Collapse!" = Super SpongeBob Collapse!
"Super TextTwist" = Super TextTwist
"Super WHATword?" = Super WHATword?
"Tap a Jam" = Tap a Jam
"Ten Pin Championship Bowling Pro" = Ten Pin Championship Bowling Pro
"Tennis Titans" = Tennis Titans
"The Walls of Jericho" = The Walls of Jericho
"Trivia Machine" = Trivia Machine
"Tumblebugs" = Tumblebugs
"Turtle Bay" = Turtle Bay
"Ultimate Dominoes" = Ultimate Dominoes
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"Unlocker" = Unlocker 1.8.5
"Varmintz Deluxe" = Varmintz Deluxe
"VLC media player" = VideoLAN VLC media player 0.8.6i
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"Wheel of Fortune" = Wheel of Fortune
"Wild Wild Words" = Wild Wild Words
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"Word Jolt" = Word Jolt
"Word Slinger" = Word Slinger
"WordJong To Go" = WordJong To Go
"Yahoo! Messenger" = Yahoo! Messenger
"Zuma Deluxe" = Zuma Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Folder Lock" = Folder Lock

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/30/2008 11:14:39 | Computer Name = XPUSA-LT | Source = VSS | ID = 12289
Description =

Error - 7/30/2008 11:14:39 | Computer Name = XPUSA-LT | Source = VSS | ID = 13
Description =

Error - 7/30/2008 11:14:39 | Computer Name = XPUSA-LT | Source = VSS | ID = 12289
Description =

Error - 7/30/2008 11:14:39 | Computer Name = XPUSA-LT | Source = VSS | ID = 13
Description =

Error - 7/30/2008 11:14:39 | Computer Name = XPUSA-LT | Source = VSS | ID = 12289
Description =

Error - 7/30/2008 11:14:39 | Computer Name = XPUSA-LT | Source = VSS | ID = 13
Description =

Error - 7/30/2008 11:14:39 | Computer Name = XPUSA-LT | Source = VSS | ID = 12289
Description =

Error - 7/30/2008 11:14:39 | Computer Name = XPUSA-LT | Source = VSS | ID = 13
Description =

Error - 7/30/2008 11:14:39 | Computer Name = XPUSA-LT | Source = VSS | ID = 12289
Description =

Error - 7/30/2008 13:54:05 | Computer Name = XPUSA-LT | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.6.0, time stamp 0x4675098d,
faulting module libvlc.dll, version 0.0.0.0, time stamp 0x4675098d, exception code
0xc0000005, fault offset 0x0001b443, process id 0x348, application start time 0x01c8f25bbc01cc94.

[ Media Center Events ]
Error - 10/5/2009 13:31:28 | Computer Name = XPUSA-LT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 22:45:19 | Computer Name = XPUSA-LT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 5/26/2007 02:28:50 | Computer Name = XPUSA-LT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 456
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/25/2009 15:27:32 | Computer Name = XPUSA-LT | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/25/2009 15:39:28 | Computer Name = XPUSA-LT | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/25/2009 15:39:31 | Computer Name = XPUSA-LT | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/25/2009 18:10:21 | Computer Name = XPUSA-LT | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/26/2009 08:05:29 | Computer Name = XPUSA-LT | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/26/2009 08:27:34 | Computer Name = XPUSA-LT | Source = DCOM | ID = 10000
Description =

Error - 11/26/2009 15:23:58 | Computer Name = XPUSA-LT | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 11/27/2009 20:58:22 | Computer Name = XPUSA-LT | Source = DCOM | ID = 10000
Description =

Error - 11/27/2009 22:20:05 | Computer Name = XPUSA-LT | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:17:09 AM on 11/28/2009 was unexpected.

Error - 11/27/2009 22:22:51 | Computer Name = XPUSA-LT | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

#5 somchaigirl

Posted 28 November 2009 - 12:58 AM

Also, when I run Diskeeper 2009 defragmenter, there are now a lot of 'pink' low performance files which I'm unable to defragment into the blue.

Another major problem is that there are no system restore points holding either. I can create a restore point and later it will be gone.

Edited by somchaigirl, 28 November 2009 - 01:08 AM.


#6 myrti

Posted 28 November 2009 - 12:55 PM

Hi,

Your problems probably stem from the services you disabled. As a first step I would suggest that you undo all the modifications you did on that webpage. That will probably fix your problem with system restore.

Afterwards please upload the following file:
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the Jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.
C:\windows\regx32.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#7 somchaigirl

Posted 01 February 2010 - 10:45 AM

Solved part of the problem -- hard drive had bad physical sectors and the Bluetooth dongle was holding the start back. All fixed now.

Only problem now is that when I hover over start after the bootup...explorer.exe hangs for a couple of minutes.



