
Inactive Windows must restart now when playing games

Discussion in 'Malware and Virus Removal Archive' started by rearbit, 2009/09/21.

  1. 2009/09/21
    rearbit

    rearbit Inactive Thread Starter

    Joined:
    2009/09/21
    Messages:
    16
    Likes Received:
    0
    [Inactive] Windows must restart now when playing games

    G'day BBS,

    I receive the following message "Windows must now restart because the plug & play service terminated unexpectedly" while playing Transformers: Revenge of the fallen.

    I also have gotten once "Windows must now restart because DCOM server process launcher service terminated unexpectedly" while playing Assassins Creed.

    From what I have read elsewhere these two seem to be related.

    I tried to run DDS and I get an error saying "This tool does not support your OS". I am running Vista 64 bit.

    Thank you in advance.
     
  2. 2009/09/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
      Since those are pretty big files, you can attach them, if you wish.
     

  4. 2009/09/21
    rearbit

    rearbit Inactive Thread Starter

    Joined:
    2009/09/21
    Messages:
    16
    Likes Received:
    0
    OK all done I wasn't sure how to attach though so....

    OTL logfile created on: 22/09/2009 12:36:28 PM - Run 1
    OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\PC1\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    4.00 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 68.27% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 279.45 Gb Total Space | 181.34 Gb Free Space | 64.89% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 931.51 Gb Total Space | 693.25 Gb Free Space | 74.42% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC1-PC
    Current User Name: PC1
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2009/08/18 01:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/08/18 02:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/08/18 02:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2006/10/01 12:03:52 | 00,255,552 | ---- | M] (BillP Studios) -- F:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2009/02/05 13:43:26 | 00,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
    PRC - [2008/03/25 17:21:56 | 00,219,656 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\ET6\GUI.exe
    PRC - [2009/09/12 22:52:16 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2009/09/12 22:52:23 | 00,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
    PRC - [2009/08/18 02:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/08/18 02:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/09/22 12:35:35 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\PC1\Desktop\OTL.exe

    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/08/14 12:15:40 | 00,202,752 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility [Auto | Running])
    SRV:64bit: - [2008/01/19 18:00:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt [On_Demand | Stopped])
    SRV:64bit: - [2009/04/11 17:11:14 | 00,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService [Auto | Running])
    SRV:64bit: - [2008/01/19 18:00:17 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fxssvc.exe -- (Fax [On_Demand | Stopped])
    SRV:64bit: - [2009/04/11 17:11:27 | 00,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService [On_Demand | Stopped])
    SRV:64bit: - [2009/04/11 17:11:04 | 01,149,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine [On_Demand | Stopped])
    SRV:64bit: - [2008/01/19 18:06:50 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
    SRV:64bit: - [2009/03/30 17:19:56 | 02,297,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc [Disabled | Stopped])
    SRV:64bit: - [2008/01/19 18:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
    SRV - [2009/08/18 01:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
    SRV - [2009/08/18 02:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
    SRV - [2009/08/18 02:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
    SRV - [2009/08/18 02:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
    SRV - [2009/03/30 14:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    SRV - [2009/03/30 14:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
    SRV - [2008/01/19 18:00:14 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
    SRV - [2008/01/19 18:00:14 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
    SRV - [2006/11/03 01:03:44 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
    SRV - [2009/02/05 13:43:26 | 00,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service [Auto | Running])
    SRV - [2009/02/19 04:40:04 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
    SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
    SRV - [2009/02/19 04:39:11 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
    SRV - [2006/11/02 19:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Stopped])
    SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
    SRV - [2006/11/02 23:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
    SRV - [2009/04/11 16:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
    SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
    SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
    SRV - [2009/09/12 22:52:16 | 00,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
    SRV - [2009/09/12 22:52:23 | 00,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
    SRV - [2006/11/02 16:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
    SRV - [2006/11/02 16:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.bigpond.com/home/ "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
    FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:3.22
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/14 10:25:51 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2009/09/13 20:47:49 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2009/09/13 20:47:49 | 00,000,000 | ---D | M]

    [2009/09/12 00:02:33 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\mozilla\Extensions
    [2009/09/12 00:02:33 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/09/22 07:21:28 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\mozilla\Firefox\Profiles\gfh2ri95.default\extensions
    [2009/09/13 22:41:13 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\mozilla\Firefox\Profiles\gfh2ri95.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2009/09/13 22:41:13 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\mozilla\Firefox\Profiles\gfh2ri95.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/09/13 22:41:15 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\mozilla\Firefox\Profiles\gfh2ri95.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2009/09/13 22:41:17 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\mozilla\Firefox\Profiles\gfh2ri95.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}

    O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll File not found
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [avast!] F:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WinPatrol] F:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\napinsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter: - application/octet-stream - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter: - application/x-complus - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter: - application/x-msdownload - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter: - deflate - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter: - gzip - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/09/05 17:11:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{666adbc1-9e0c-11de-af00-00241d7eda85}\Shell - " " = AutoRun
    O33 - MountPoints2\{666adbc1-9e0c-11de-af00-00241d7eda85}\Shell\AutoRun\command - " " = G:\Autorun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found

    NetSvcs:64bit: FastUserSwitchingCompatibility - Service key not found. File not found
    NetSvcs:64bit: Ias - Service key not found. File not found
    NetSvcs:64bit: Irmon - Service key not found. File not found
    NetSvcs:64bit: Nla - Service key not found. File not found
    NetSvcs:64bit: Ntmssvc - Service key not found. File not found
    NetSvcs:64bit: NWCWorkstation - Service key not found. File not found
    NetSvcs:64bit: Nwsapagent - Service key not found. File not found
    NetSvcs:64bit: SRService - Service key not found. File not found
    NetSvcs:64bit: Wmi - Service key not found. File not found
    NetSvcs:64bit: WmdmPmSp - Service key not found. File not found
    NetSvcs:64bit: LogonHours - Service key not found. File not found
    NetSvcs:64bit: PCAudit - Service key not found. File not found
    NetSvcs:64bit: helpsvc - Service key not found. File not found
    NetSvcs:64bit: uploadmgr - Service key not found. File not found
    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
    NetSvcs: Ias - Service key not found. File not found
    NetSvcs: Irmon - Service key not found. File not found
    NetSvcs: Nla - Service key not found. File not found
    NetSvcs: Ntmssvc - Service key not found. File not found
    NetSvcs: NWCWorkstation - Service key not found. File not found
    NetSvcs: Nwsapagent - Service key not found. File not found
    NetSvcs: SRService - Service key not found. File not found
    NetSvcs: Wmi - Service key not found. File not found
    NetSvcs: WmdmPmSp - Service key not found. File not found
    NetSvcs: LogonHours - Service key not found. File not found
    NetSvcs: PCAudit - Service key not found. File not found
    NetSvcs: helpsvc - Service key not found. File not found
    NetSvcs: uploadmgr - Service key not found. File not found

    ========== Files/Folders - Created Within 14 Days ==========

    [4 C:\Windows\SysWow64\*.tmp files]
    [2009/09/22 12:35:33 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\PC1\Desktop\OTL.exe
    [2009/09/21 20:43:44 | 00,359,932 | ---- | C] () -- C:\Users\PC1\Desktop\dds.scr
    [2009/09/20 15:40:18 | 00,000,000 | ---D | C] -- C:\Users\PC1\Documents\Red Alert 3
    [2009/09/20 15:33:14 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\Red Alert 3
    [2009/09/20 15:27:28 | 00,000,000 | RH-D | C] -- C:\Users\PC1\AppData\Roaming\SecuROM
    [2009/09/20 14:37:19 | 00,000,000 | ---D | C] -- C:\Users\PC1\Documents\Activision
    [2009/09/20 14:37:19 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\Activision
    [2009/09/20 14:37:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Activision
    [2009/09/18 21:07:55 | 00,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
    [2009/09/18 17:44:53 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
    [2009/09/18 17:44:53 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
    [2009/09/18 17:44:53 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
    [2009/09/18 17:44:53 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
    [2009/09/18 17:44:53 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
    [2009/09/18 17:44:52 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
    [2009/09/18 17:43:10 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
    [2009/09/18 17:28:13 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2009/09/17 15:44:28 | 00,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
    [2009/09/17 15:44:28 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/09/17 15:44:09 | 00,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
    [2009/09/17 15:43:44 | 00,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
    [2009/09/17 15:43:42 | 00,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
    [2009/09/17 15:43:36 | 00,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/09/17 15:43:36 | 00,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
    [2009/09/17 15:43:31 | 03,662,128 | ---- | C] () -- C:\Windows\SysWow64\locale.nls
    [2009/09/17 15:43:31 | 03,662,128 | ---- | C] () -- C:\Windows\SysNative\locale.nls
    [2009/09/17 15:43:31 | 00,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
    [2009/09/17 15:42:40 | 00,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
    [2009/09/17 15:42:38 | 00,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
    [2009/09/17 15:42:38 | 00,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
    [2009/09/17 15:42:33 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/09/17 15:42:15 | 00,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
    [2009/09/17 15:42:15 | 00,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
    [2009/09/17 15:41:58 | 00,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
    [2009/09/17 15:41:58 | 00,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
    [2009/09/17 15:41:54 | 00,000,153 | ---- | C] () -- C:\Windows\SysWow64\RacUREx.xml
    [2009/09/17 15:41:54 | 00,000,153 | ---- | C] () -- C:\Windows\SysNative\RacUREx.xml
    [2009/09/16 20:13:52 | 00,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
    [2009/09/16 19:48:26 | 00,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2009/09/16 19:48:26 | 00,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin
    [2009/09/16 19:48:20 | 11,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex
    [2009/09/16 19:48:20 | 11,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex
    [2009/09/16 19:47:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2009/09/16 19:47:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
    [2009/09/16 19:12:15 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2009/09/16 19:01:07 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2009/09/16 18:39:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2009/09/16 18:08:32 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
    [2009/09/15 19:40:17 | 00,000,000 | ---D | C] -- C:\PerfLogs
    [2009/09/15 16:58:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
    [2009/09/14 19:21:05 | 00,016,384 | ---- | C] () -- C:\Users\PC1\AppData\Roaming\000004DC_VTS_2.IFO
    [2009/09/14 19:21:05 | 00,014,336 | ---- | C] () -- C:\Users\PC1\AppData\Roaming\000004DC_VTS_4.IFO
    [2009/09/14 19:21:05 | 00,014,336 | ---- | C] () -- C:\Users\PC1\AppData\Roaming\000004DC_VTS_3.IFO
    [2009/09/14 19:21:05 | 00,012,288 | ---- | C] () -- C:\Users\PC1\AppData\Roaming\000004DC_VTS_0.IFO
    [2009/09/14 19:21:05 | 00,000,000 | ---D | C] -- C:\ProgramData\vsosdk
    [2009/09/14 16:28:51 | 00,000,000 | ---D | C] -- C:\ProgramData\2DBoy
    [2009/09/14 14:33:38 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\Ubisoft
    [2009/09/14 14:12:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Codemasters
    [2009/09/14 14:12:19 | 00,000,000 | ---D | C] -- C:\Users\PC1\Documents\Codemasters
    [2009/09/14 12:39:55 | 00,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2009/09/14 12:39:55 | 00,121,880 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
    [2009/09/14 12:39:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
    [2009/09/14 11:32:42 | 00,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
    [2009/09/14 11:16:19 | 00,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\threed32.ocx
    [2009/09/14 10:56:21 | 00,147,439 | ---- | C] () -- C:\Windows\SysWow64\gpedit.msc
    [2009/09/14 10:56:21 | 00,147,439 | ---- | C] () -- C:\Windows\SysNative\gpedit.msc
    [2009/09/14 10:55:33 | 00,195,122 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
    [2009/09/14 10:55:33 | 00,195,122 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
    [2009/09/14 10:54:29 | 00,069,120 | ---- | C] () -- C:\Windows\SysNative\PrintBrmUi.exe
    [2009/09/14 10:53:47 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2009/09/14 10:53:47 | 00,060,124 | ---- | C] () -- C:\Windows\SysNative\tcpmon.ini
    [2009/09/14 10:53:40 | 00,128,482 | ---- | C] () -- C:\Windows\SysNative\manage-bde.wsf
    [2009/09/14 10:53:27 | 00,081,158 | ---- | C] () -- C:\Windows\SysNative\manage-bde.ini.en
    [2009/09/14 10:53:12 | 00,012,198 | ---- | C] () -- C:\Windows\SysNative\gatherWiredInfo.vbs
    [2009/09/14 10:53:09 | 00,144,909 | ---- | C] () -- C:\Windows\SysWow64\fsmgmt.msc
    [2009/09/14 10:53:09 | 00,144,909 | ---- | C] () -- C:\Windows\SysNative\fsmgmt.msc
    [2009/09/14 10:53:03 | 00,120,458 | ---- | C] () -- C:\Windows\SysNative\secpol.msc
    [2009/09/14 10:53:02 | 00,145,455 | ---- | C] () -- C:\Windows\SysWow64\perfmon.msc
    [2009/09/14 10:53:02 | 00,145,455 | ---- | C] () -- C:\Windows\SysNative\perfmon.msc
    [2009/09/14 10:53:02 | 00,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
    [2009/09/13 23:51:38 | 00,726,124 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/09/13 23:17:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
    [2009/09/13 23:15:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2009/09/13 23:15:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2009/09/13 23:14:16 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2009/09/13 23:14:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2009/09/13 22:44:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2009/09/13 22:44:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2009/09/13 22:43:43 | 00,000,000 | ---D | C] -- C:\Windows\SHELLNEW
    [2009/09/13 22:43:24 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Local\Microsoft Help
    [2009/09/13 22:43:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2009/09/13 22:43:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2009/09/13 22:42:45 | 00,000,000 | RH-D | C] -- C:\MSOCache
    [2009/09/13 22:34:24 | 00,001,820 | ---- | C] () -- C:\Windows\SysNative\rasctrnm.h
    [2009/09/13 22:34:22 | 00,001,820 | ---- | C] () -- C:\Windows\SysWow64\rasctrnm.h
    [2009/09/13 22:00:22 | 39,780,352 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2009/09/13 22:00:22 | 00,262,144 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2009/09/13 22:00:22 | 00,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2009/09/13 13:42:04 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Local\id Software
    [2009/09/13 13:42:03 | 00,000,000 | ---D | C] -- C:\Users\PC1\Documents\id Software
    [2009/09/13 00:39:31 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Local\Microsoft Games
    [2009/09/13 00:35:07 | 00,000,326 | ---- | C] () -- C:\Windows\d3xp.ini
    [2009/09/13 00:30:43 | 00,000,319 | ---- | C] () -- C:\Windows\doom3.ini
    [2009/09/13 00:25:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DOOM 3
    [2009/09/12 22:55:10 | 00,000,000 | ---D | C] -- C:\Users\PC1\Documents\My Games
    [2009/09/12 22:52:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
    [2009/09/12 22:52:19 | 00,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2009/09/12 22:52:16 | 02,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2009/09/12 22:52:16 | 00,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2009/09/12 22:21:51 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Local\Activision
    [2009/09/12 22:04:42 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
    [2009/09/12 21:27:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Futuremark
    [2009/09/12 21:14:55 | 00,000,804 | ---- | C] () -- C:\Users\Public\Desktop\3DMark Vantage.lnk
    [2009/09/12 21:14:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
    [2009/09/12 21:13:45 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
    [2009/09/12 21:13:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
    [2009/09/12 21:13:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2009/09/12 12:46:13 | 00,000,414 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{704DA8D6-4566-473B-BF89-31077AF14737}.job
    [2009/09/12 12:42:57 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
    [2009/09/12 12:42:24 | 50,216,9175 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2009/09/12 11:55:48 | 05,173,760 | ---- | C] () -- C:\Users\PC1\Desktop\prime95.exe
    [2009/09/12 11:29:37 | 00,019,432 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys
    [2009/09/12 11:29:37 | 00,000,695 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
    [2009/09/12 11:13:22 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\uTorrent
    [2009/09/12 00:02:34 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/09/12 00:02:32 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\Mozilla
    [2009/09/12 00:02:32 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Local\Mozilla
    [2009/09/12 00:00:43 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\WinPatrol
    [2009/09/11 23:57:55 | 00,005,632 | ---- | C] () -- C:\Users\PC1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/11 23:43:26 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\Macromedia
    [2009/09/11 23:28:57 | 00,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2009/09/11 23:28:57 | 00,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
    [2009/09/11 23:24:17 | 00,006,173 | ---- | C] () -- C:\Windows\SysWow64\drivers\Entech.vxd
    [2009/09/11 23:24:17 | 00,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
    [2009/09/11 23:24:17 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\Futuremark
    [2009/09/11 23:19:16 | 00,011,114 | ---- | C] () -- C:\ProgramData\MainApp.dll
    [2009/09/11 23:19:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Configs
    [2009/09/11 23:16:56 | 00,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo3.dll
    [2009/09/11 23:16:13 | 00,099,384 | ---- | C] () -- C:\Users\PC1\AppData\Roaming\inst.exe
    [2009/09/11 23:16:13 | 00,082,816 | ---- | C] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
    [2009/09/11 23:16:13 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\PC1\AppData\Roaming\pcouffin.sys
    [2009/09/11 23:16:13 | 00,007,859 | ---- | C] () -- C:\Users\PC1\AppData\Roaming\pcouffin.cat
    [2009/09/11 23:16:13 | 00,001,167 | ---- | C] () -- C:\Users\PC1\AppData\Roaming\pcouffin.inf
    [2009/09/11 23:16:13 | 00,000,635 | ---- | C] () -- C:\Users\PC1\Desktop\CloneDVD.lnk
    [2009/09/11 23:16:13 | 00,000,000 | ---D | C] -- C:\Users\PC1\Documents\PcSetup
    [2009/09/11 23:16:13 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\Vso
    [2009/09/11 23:16:10 | 00,000,000 | ---D | C] -- C:\ProgramData\DVDXStudio
    [2009/09/11 22:39:57 | 00,000,000 | ---D | C] -- C:\ATI
    [2009/09/11 22:17:04 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
    [2009/09/11 22:17:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2009/09/11 22:14:33 | 00,000,000 | ---D | C] -- C:\AMD
    [2009/09/11 22:13:29 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\AdobeUM
    [2009/09/11 22:13:27 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Local\Adobe
    [2009/09/11 22:13:23 | 00,000,000 | ---D | C] -- C:\Users\PC1\Documents\My eBooks
    [2009/09/11 22:13:20 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\Adobe
    [2009/09/11 18:24:52 | 00,056,483 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2009/09/11 18:16:35 | 02,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
    [2009/09/11 18:16:34 | 00,015,181 | ---- | C] () -- C:\Windows\SysNative\gatherWirelessInfo.vbs
    [2009/09/11 13:27:28 | 00,000,000 | ---D | C] -- C:\Windows\Panther
    [2009/09/11 13:27:15 | 00,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
    [2009/09/11 13:27:14 | 00,000,223 | -HS- | C] () -- C:\Boot.BAK
    [2009/09/11 13:27:13 | 00,333,257 | RHS- | C] () -- C:\bootmgr
    [2009/09/11 13:27:13 | 00,000,000 | -HSD | C] -- C:\Boot
    [2009/09/11 13:26:46 | 00,000,059 | R--- | C] () -- C:\Windows\DELL_VERSION
    [2009/09/11 13:26:46 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\OEM
    [2009/09/11 13:13:27 | 00,000,000 | ---D | C] -- C:\Windows.old
    [2009/09/11 00:33:58 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\ATI
    [2009/09/11 00:33:58 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Local\ATI
    [2009/09/11 00:33:40 | 00,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/09/11 00:33:39 | 42,923,37664 | -HS- | C] () -- C:\hiberfil.sys
    [2009/09/11 00:28:52 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
    [2009/09/11 00:18:55 | 00,000,680 | ---- | C] () -- C:\Users\PC1\AppData\Local\d3d9caps.dat
    [2009/09/11 00:16:55 | 00,000,640 | ---- | C] () -- C:\Users\PC1\Desktop\SpeedFan.lnk
    [2009/09/11 00:16:54 | 00,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
    [2009/09/11 00:10:34 | 00,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/09/10 23:55:34 | 00,027,216 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2009/09/10 23:55:33 | 00,058,448 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2009/09/10 23:55:32 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\AvastSS.scr
    [2009/09/10 23:55:31 | 00,089,680 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2009/09/10 23:55:31 | 00,065,616 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2009/09/10 23:55:31 | 00,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2009/09/10 23:55:31 | 00,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2009/09/10 23:55:13 | 01,279,456 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2009/09/10 23:55:13 | 00,380,928 | ---- | C] () -- C:\Windows\SysWow64\actskin4.ocx
    [2009/09/10 22:39:48 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
    [2009/09/10 22:38:45 | 00,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
    [2009/09/10 22:35:23 | 00,871,408 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2009/09/10 22:35:16 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\DAEMON Tools Lite
    [2009/09/10 22:32:50 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
    [2009/09/10 21:22:05 | 00,050,688 | R--- | C] (Realtek Corporation) -- C:\Windows\SysNative\drivers\RtTeam60.sys
    [2009/09/10 21:21:36 | 00,024,064 | R--- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtVlan60.sys
    [2009/09/10 21:21:13 | 00,026,624 | R--- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\RtNdPt60.sys
    [2009/09/10 21:20:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2009/09/10 21:19:16 | 00,000,000 | ---D | C] -- C:\Windows\Cache
    [2009/09/10 21:16:59 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
    [2009/09/10 21:01:24 | 00,000,000 | ---D | C] -- C:\RaidTool
    [2009/09/10 21:01:01 | 00,000,000 | ---D | C] -- C:\Windows\RaidTool
    [2009/09/10 20:59:32 | 00,010,240 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\RtNicProp64.dll
    [2009/09/10 20:58:59 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\InstallShield
    [2009/09/10 20:54:48 | 00,000,553 | R--- | C] () -- C:\Windows\USetup.iss
    [2009/09/10 20:53:32 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
    [2009/09/10 20:53:32 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
    [2009/09/10 20:52:57 | 00,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
    [2009/09/10 20:52:57 | 00,331,808 | ---- | C] () -- C:\Windows\SysNative\RtlCPAPI64.dll
    [2009/09/10 20:52:57 | 00,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
    [2009/09/10 20:52:57 | 00,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
    [2009/09/10 20:52:57 | 00,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
    [2009/09/10 20:52:56 | 01,152,544 | ---- | C] () -- C:\Windows\SysNative\RTCOM64.dll
    [2009/09/10 20:52:56 | 00,296,448 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\RTPCEE64.dll
    [2009/09/10 20:52:55 | 00,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
    [2009/09/10 20:52:54 | 00,164,352 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\FMAPO64.dll
    [2009/09/10 20:52:54 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
    [2009/09/10 20:52:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
    [2009/09/10 20:52:37 | 00,146,528 | ---- | C] (DeviceVM Inc.) -- C:\Windows\SysWow64\dvmurl.dll
    [2009/09/10 20:52:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Configuration Utility
    [2009/09/10 20:52:15 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
    [2009/09/10 20:52:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Gigabyte
    [2009/09/10 20:52:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
    [2009/09/10 20:51:48 | 00,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
    [2009/09/10 20:51:48 | 00,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2009/09/10 20:45:01 | 01,513,021 | -H-- | C] () -- C:\Users\PC1\AppData\Local\IconCache.db
    [2009/09/10 19:56:44 | 00,099,880 | ---- | C] () -- C:\Users\PC1\AppData\Local\GDIPFONTCACHEV1.DAT
    [2009/09/10 19:54:41 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\Identities
    [2009/09/10 19:54:38 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Local\VirtualStore
    [2009/09/10 19:54:35 | 00,000,732 | ---- | C] () -- C:\Users\PC1\AppData\Local\d3d9caps64.dat
    [2009/09/10 19:54:33 | 00,000,000 | --SD | C] -- C:\Users\PC1\AppData\Roaming\Microsoft
    [2009/09/10 19:54:33 | 00,000,000 | -HSD | C] -- C:\Users\PC1\Documents\My Videos
    [2009/09/10 19:54:33 | 00,000,000 | -HSD | C] -- C:\Users\PC1\Documents\My Pictures
    [2009/09/10 19:54:33 | 00,000,000 | -HSD | C] -- C:\Users\PC1\Documents\My Music
    [2009/09/10 19:54:33 | 00,000,000 | -HSD | C] -- C:\Users\PC1\AppData\Local\Temporary Internet Files
    [2009/09/10 19:54:33 | 00,000,000 | -HSD | C] -- C:\Users\PC1\AppData\Local\History
    [2009/09/10 19:54:33 | 00,000,000 | -HSD | C] -- C:\Users\PC1\AppData\Local\Application Data
    [2009/09/10 19:54:33 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Roaming\Media Center Programs
    [2009/09/10 19:54:33 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Local\Temp
    [2009/09/10 19:54:33 | 00,000,000 | ---D | C] -- C:\Users\PC1\AppData\Local\Microsoft
    [2009/09/10 19:54:21 | 00,171,136 | RHS- | C] () -- C:\grldr
    [2009/09/10 19:32:38 | 00,000,367 | RHS- | C] () -- C:\Boot.ini.saved
    [2009/09/10 19:31:48 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2009/09/10 19:30:54 | 00,000,000 | ---D | C] -- C:\Windows\Debug
    [2009/09/10 19:30:54 | 00,000,000 | ---D | C] -- C:\Windows\CSC
    [2009/09/10 19:28:30 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
     
  5. 2009/09/21
    rearbit

    ========== Files - Modified Within 14 Days ==========

    [4 C:\Windows\SysWow64\*.tmp files]
    [2009/09/22 12:35:35 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\PC1\Desktop\OTL.exe
    [2009/09/22 12:33:08 | 00,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
    [2009/09/22 12:33:08 | 00,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
    [2009/09/22 12:32:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/09/22 12:32:53 | 00,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/09/22 12:32:53 | 00,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/09/22 12:32:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/09/22 12:32:45 | 42,923,37664 | -HS- | M] () -- C:\hiberfil.sys
    [2009/09/22 10:01:10 | 01,513,021 | -H-- | M] () -- C:\Users\PC1\AppData\Local\IconCache.db
    [2009/09/22 06:55:42 | 00,720,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2009/09/22 06:55:42 | 00,625,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2009/09/22 06:55:42 | 00,108,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2009/09/21 20:43:45 | 00,359,932 | ---- | M] () -- C:\Users\PC1\Desktop\dds.scr
    [2009/09/20 13:28:39 | 00,011,114 | ---- | M] () -- C:\ProgramData\MainApp.dll
    [2009/09/19 19:06:16 | 50,216,9175 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2009/09/18 17:48:17 | 00,371,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2009/09/18 17:43:10 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
    [2009/09/16 20:13:52 | 00,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
    [2009/09/15 19:50:40 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
    [2009/09/15 19:23:04 | 00,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\SysWow64\ifxcardm.dll
    [2009/09/15 19:23:03 | 00,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\SysWow64\axaltocm.dll
    [2009/09/15 19:23:02 | 00,134,144 | ---- | M] (Infineon Technologies AG) -- C:\Windows\SysNative\ifxcardm.dll
    [2009/09/15 19:23:00 | 00,133,632 | ---- | M] (Gemalto, Inc.) -- C:\Windows\SysNative\axaltocm.dll
    [2009/09/14 19:21:05 | 00,016,384 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\000004DC_VTS_2.IFO
    [2009/09/14 19:21:05 | 00,014,336 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\000004DC_VTS_4.IFO
    [2009/09/14 19:21:05 | 00,014,336 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\000004DC_VTS_3.IFO
    [2009/09/14 19:21:05 | 00,012,288 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\000004DC_VTS_0.IFO
    [2009/09/14 19:07:02 | 00,005,632 | ---- | M] () -- C:\Users\PC1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/14 18:50:42 | 00,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2009/09/14 18:50:42 | 00,121,880 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
    [2009/09/14 18:50:41 | 00,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2009/09/14 18:50:41 | 00,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
    [2009/09/14 10:21:50 | 00,099,880 | ---- | M] () -- C:\Users\PC1\AppData\Local\GDIPFONTCACHEV1.DAT
    [2009/09/13 23:51:38 | 00,726,124 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/09/13 23:34:01 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
    [2009/09/13 22:34:24 | 00,001,820 | ---- | M] () -- C:\Windows\SysNative\rasctrnm.h
    [2009/09/13 22:34:22 | 00,001,820 | ---- | M] () -- C:\Windows\SysWow64\rasctrnm.h
    [2009/09/13 22:16:59 | 39,780,352 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2009/09/13 22:16:58 | 00,262,144 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2009/09/13 22:16:58 | 00,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2009/09/13 00:35:07 | 00,000,326 | ---- | M] () -- C:\Windows\d3xp.ini
    [2009/09/13 00:30:43 | 00,000,319 | ---- | M] () -- C:\Windows\doom3.ini
    [2009/09/12 22:52:23 | 00,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2009/09/12 22:52:16 | 02,337,865 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
    [2009/09/12 22:52:16 | 00,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2009/09/12 21:16:34 | 00,000,804 | ---- | M] () -- C:\Users\Public\Desktop\3DMark Vantage.lnk
    [2009/09/12 21:09:51 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
    [2009/09/12 12:46:13 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{704DA8D6-4566-473B-BF89-31077AF14737}.job
    [2009/09/12 11:29:37 | 00,000,695 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
    [2009/09/12 00:02:34 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
    [2009/09/11 23:16:56 | 00,000,014 | ---- | M] () -- C:\Windows\SysWow64\systeminfo3.dll
    [2009/09/11 23:16:13 | 00,099,384 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\inst.exe
    [2009/09/11 23:16:13 | 00,082,816 | ---- | M] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
    [2009/09/11 23:16:13 | 00,082,816 | ---- | M] (VSO Software) -- C:\Users\PC1\AppData\Roaming\pcouffin.sys
    [2009/09/11 23:16:13 | 00,007,859 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\pcouffin.cat
    [2009/09/11 23:16:13 | 00,001,167 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\pcouffin.inf
    [2009/09/11 23:16:13 | 00,000,635 | ---- | M] () -- C:\Users\PC1\Desktop\CloneDVD.lnk
    [2009/09/11 22:25:28 | 00,000,640 | ---- | M] () -- C:\Users\PC1\Desktop\SpeedFan.lnk
    [2009/09/11 18:24:52 | 00,056,483 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2009/09/11 18:16:35 | 02,608,861 | ---- | M] () -- C:\Windows\SysNative\wlan.tmf
    [2009/09/11 18:16:34 | 00,015,181 | ---- | M] () -- C:\Windows\SysNative\gatherWirelessInfo.vbs
    [2009/09/11 13:27:15 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2009/09/11 13:27:14 | 00,000,367 | RHS- | M] () -- C:\Boot.ini.saved
    [2009/09/11 00:33:40 | 00,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2009/09/11 00:19:32 | 00,000,732 | ---- | M] () -- C:\Users\PC1\AppData\Local\d3d9caps64.dat
    [2009/09/11 00:18:55 | 00,000,680 | ---- | M] () -- C:\Users\PC1\AppData\Local\d3d9caps.dat
    [2009/09/11 00:16:54 | 00,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
    [2009/09/11 00:10:34 | 00,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2009/09/10 23:55:31 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2009/09/10 22:35:24 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2009/09/10 21:16:36 | 00,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
    [2009/09/10 19:32:38 | 00,041,176 | ---- | M] () -- C:\Windows\SysNative\license.rtf

    ========== LOP Check ==========

    [2009/09/20 15:33:14 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming
    [2009/09/20 14:37:19 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\Activision
    [2009/09/11 00:33:58 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\ATI
    [2009/09/12 22:04:41 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\DAEMON Tools Lite
    [2006/11/03 01:06:33 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\Media Center Programs
    [2009/09/20 15:38:56 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\Red Alert 3
    [2009/09/20 15:27:28 | 00,000,000 | RH-D | M] -- C:\Users\PC1\AppData\Roaming\SecuROM
    [2009/09/14 14:33:38 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\Ubisoft
    [2009/09/13 22:52:52 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\uTorrent
    [2009/09/11 23:16:51 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\Vso
    [2009/09/12 00:00:44 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\WinPatrol
    [2009/09/22 12:32:54 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
    [2009/09/22 10:01:13 | 00,021,716 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2009/09/12 12:46:13 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{704DA8D6-4566-473B-BF89-31077AF14737}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\system32\eventlog.dll >

    < %systemroot%\system32\scecli.dll >
    [2009/04/11 16:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll
    [4 C:\Windows\system32\*.tmp files]

    < %systemroot%\netlogon.dll >

    < %systemroot%\system32\cngaudit.dll >
    [2006/11/02 19:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll
    [4 C:\Windows\system32\*.tmp files]

    < %systemroot%\system32\sceclt.dll >

    < %systemroot%\ntelogon.dll >

    < %systemroot%\system32\logevent.dll >
    < End of report >

    **************************************************************
    Extras.txt

    OTL Extras logfile created on: 22/09/2009 12:36:28 PM - Run 1
    OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\PC1\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    4.00 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 68.27% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 279.45 Gb Total Space | 181.34 Gb Free Space | 64.89% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 931.51 Gb Total Space | 693.25 Gb Free Space | 74.42% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC1-PC
    Current User Name: PC1
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %* File not found
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = D6 C2 90 B6 E9 35 CA 01 [binary data]
    "VistaSp2" = 3A 60 C6 D7 34 38 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2339724583-2013620152-4019550612-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{31D36657-70BF-42D4-BC60-49C682258EA7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
     
  6. 2009/09/21
    rearbit

    OTL cont...

    ========== Files - Modified Within 14 Days ==========

    [4 C:\Windows\SysWow64\*.tmp files]
    [2009/09/22 12:35:35 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\PC1\Desktop\OTL.exe
    [2009/09/22 12:33:08 | 00,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
    [2009/09/22 12:33:08 | 00,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
    [2009/09/22 12:32:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/09/22 12:32:53 | 00,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/09/22 12:32:53 | 00,003,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/09/22 12:32:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/09/22 12:32:45 | 42,923,37664 | -HS- | M] () -- C:\hiberfil.sys
    [2009/09/22 10:01:10 | 01,513,021 | -H-- | M] () -- C:\Users\PC1\AppData\Local\IconCache.db
    [2009/09/22 06:55:42 | 00,720,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2009/09/22 06:55:42 | 00,625,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2009/09/22 06:55:42 | 00,108,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2009/09/21 20:43:45 | 00,359,932 | ---- | M] () -- C:\Users\PC1\Desktop\dds.scr
    [2009/09/20 13:28:39 | 00,011,114 | ---- | M] () -- C:\ProgramData\MainApp.dll
    [2009/09/19 19:06:16 | 50,216,9175 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2009/09/18 17:48:17 | 00,371,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2009/09/18 17:43:10 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
    [2009/09/16 20:13:52 | 00,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
    [2009/09/15 19:50:40 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
    [2009/09/15 19:23:04 | 00,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\SysWow64\ifxcardm.dll
    [2009/09/15 19:23:03 | 00,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\SysWow64\axaltocm.dll
    [2009/09/15 19:23:02 | 00,134,144 | ---- | M] (Infineon Technologies AG) -- C:\Windows\SysNative\ifxcardm.dll
    [2009/09/15 19:23:00 | 00,133,632 | ---- | M] (Gemalto, Inc.) -- C:\Windows\SysNative\axaltocm.dll
    [2009/09/14 19:21:05 | 00,016,384 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\000004DC_VTS_2.IFO
    [2009/09/14 19:21:05 | 00,014,336 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\000004DC_VTS_4.IFO
    [2009/09/14 19:21:05 | 00,014,336 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\000004DC_VTS_3.IFO
    [2009/09/14 19:21:05 | 00,012,288 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\000004DC_VTS_0.IFO
    [2009/09/14 19:07:02 | 00,005,632 | ---- | M] () -- C:\Users\PC1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/14 18:50:42 | 00,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2009/09/14 18:50:42 | 00,121,880 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
    [2009/09/14 18:50:41 | 00,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2009/09/14 18:50:41 | 00,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
    [2009/09/14 10:21:50 | 00,099,880 | ---- | M] () -- C:\Users\PC1\AppData\Local\GDIPFONTCACHEV1.DAT
    [2009/09/13 23:51:38 | 00,726,124 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/09/13 23:34:01 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
    [2009/09/13 22:34:24 | 00,001,820 | ---- | M] () -- C:\Windows\SysNative\rasctrnm.h
    [2009/09/13 22:34:22 | 00,001,820 | ---- | M] () -- C:\Windows\SysWow64\rasctrnm.h
    [2009/09/13 22:16:59 | 39,780,352 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2009/09/13 22:16:58 | 00,262,144 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2009/09/13 22:16:58 | 00,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2009/09/13 00:35:07 | 00,000,326 | ---- | M] () -- C:\Windows\d3xp.ini
    [2009/09/13 00:30:43 | 00,000,319 | ---- | M] () -- C:\Windows\doom3.ini
    [2009/09/12 22:52:23 | 00,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2009/09/12 22:52:16 | 02,337,865 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
    [2009/09/12 22:52:16 | 00,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2009/09/12 21:16:34 | 00,000,804 | ---- | M] () -- C:\Users\Public\Desktop\3DMark Vantage.lnk
    [2009/09/12 21:09:51 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
    [2009/09/12 12:46:13 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{704DA8D6-4566-473B-BF89-31077AF14737}.job
    [2009/09/12 11:29:37 | 00,000,695 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
    [2009/09/12 00:02:34 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
    [2009/09/11 23:16:56 | 00,000,014 | ---- | M] () -- C:\Windows\SysWow64\systeminfo3.dll
    [2009/09/11 23:16:13 | 00,099,384 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\inst.exe
    [2009/09/11 23:16:13 | 00,082,816 | ---- | M] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
    [2009/09/11 23:16:13 | 00,082,816 | ---- | M] (VSO Software) -- C:\Users\PC1\AppData\Roaming\pcouffin.sys
    [2009/09/11 23:16:13 | 00,007,859 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\pcouffin.cat
    [2009/09/11 23:16:13 | 00,001,167 | ---- | M] () -- C:\Users\PC1\AppData\Roaming\pcouffin.inf
    [2009/09/11 23:16:13 | 00,000,635 | ---- | M] () -- C:\Users\PC1\Desktop\CloneDVD.lnk
    [2009/09/11 22:25:28 | 00,000,640 | ---- | M] () -- C:\Users\PC1\Desktop\SpeedFan.lnk
    [2009/09/11 18:24:52 | 00,056,483 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2009/09/11 18:16:35 | 02,608,861 | ---- | M] () -- C:\Windows\SysNative\wlan.tmf
    [2009/09/11 18:16:34 | 00,015,181 | ---- | M] () -- C:\Windows\SysNative\gatherWirelessInfo.vbs
    [2009/09/11 13:27:15 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2009/09/11 13:27:14 | 00,000,367 | RHS- | M] () -- C:\Boot.ini.saved
    [2009/09/11 00:33:40 | 00,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2009/09/11 00:19:32 | 00,000,732 | ---- | M] () -- C:\Users\PC1\AppData\Local\d3d9caps64.dat
    [2009/09/11 00:18:55 | 00,000,680 | ---- | M] () -- C:\Users\PC1\AppData\Local\d3d9caps.dat
    [2009/09/11 00:16:54 | 00,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
    [2009/09/11 00:10:34 | 00,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2009/09/10 23:55:31 | 00,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2009/09/10 22:35:24 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
    [2009/09/10 21:16:36 | 00,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
    [2009/09/10 19:32:38 | 00,041,176 | ---- | M] () -- C:\Windows\SysNative\license.rtf

    ========== LOP Check ==========

    [2009/09/20 15:33:14 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming
    [2009/09/20 14:37:19 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\Activision
    [2009/09/11 00:33:58 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\ATI
    [2009/09/12 22:04:41 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\DAEMON Tools Lite
    [2006/11/03 01:06:33 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\Media Center Programs
    [2009/09/20 15:38:56 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\Red Alert 3
    [2009/09/20 15:27:28 | 00,000,000 | RH-D | M] -- C:\Users\PC1\AppData\Roaming\SecuROM
    [2009/09/14 14:33:38 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\Ubisoft
    [2009/09/13 22:52:52 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\uTorrent
    [2009/09/11 23:16:51 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\Vso
    [2009/09/12 00:00:44 | 00,000,000 | ---D | M] -- C:\Users\PC1\AppData\Roaming\WinPatrol
    [2009/09/22 12:32:54 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
    [2009/09/22 10:01:13 | 00,021,716 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2009/09/12 12:46:13 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{704DA8D6-4566-473B-BF89-31077AF14737}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\system32\eventlog.dll >

    < %systemroot%\system32\scecli.dll >
    [2009/04/11 16:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll
    [4 C:\Windows\system32\*.tmp files]

    < %systemroot%\netlogon.dll >

    < %systemroot%\system32\cngaudit.dll >
    [2006/11/02 19:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll
    [4 C:\Windows\system32\*.tmp files]

    < %systemroot%\system32\sceclt.dll >

    < %systemroot%\ntelogon.dll >

    < %systemroot%\system32\logevent.dll >
    < End of report >

    ***************************************
    Extras.txt

    OTL Extras logfile created on: 22/09/2009 12:36:28 PM - Run 1
    OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\PC1\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    4.00 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 68.27% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 279.45 Gb Total Space | 181.34 Gb Free Space | 64.89% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 931.51 Gb Total Space | 693.25 Gb Free Space | 74.42% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PC1-PC
    Current User Name: PC1
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %* File not found
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
  7. 2009/09/21
    rearbit

    Extras cont..........

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = D6 C2 90 B6 E9 35 CA 01 [binary data]
    "VistaSp2" = 3A 60 C6 D7 34 38 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2339724583-2013620152-4019550612-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{31D36657-70BF-42D4-BC60-49C682258EA7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0C29D390-1126-4398-8B89-11E8039F502E}" = protocol=17 | dir=in | app=f:\pcgames\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
    "{0C579A1D-0A94-4614-A579-954EC22356CB}" = protocol=6 | dir=in | app=f:\pcgames\call of duty - world at war\codwawmp.exe |
    "{2F434CED-AF58-4D83-A1A5-B91CAAEACCD0}" = protocol=6 | dir=in | app=f:\pcgames\far cry 2\bin\fc2editor.exe |
    "{49B2FD6D-7BC6-4FE6-8E64-00DC667ED836}" = protocol=17 | dir=in | app=f:\pcgames\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
    "{4A49E76F-3BFF-4373-B22C-57BB401B1059}" = protocol=17 | dir=in | app=f:\program files\utorrent\utorrent.exe |
    "{55B31E19-E1AE-4319-8A16-6CEDF1B47CA0}" = protocol=6 | dir=in | app=f:\pcgames\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe |
    "{5C7ECBD9-5165-4F1A-9883-43D4A2BF29D0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{5F5F3CDD-C0C5-41D0-A33F-057228F656AF}" = protocol=6 | dir=in | app=f:\pcgames\transformers - revenge of the fallen\transformers2.exe |
    "{6018F93B-232D-4ED7-80D0-D15FA0FE9FF2}" = protocol=17 | dir=in | app=f:\pcgames\grid\grid.exe |
    "{6065B7ED-8C0E-4EF1-8381-EF45FCB07D69}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{63AF28BB-7D26-49F4-8339-680F782D5C98}" = protocol=17 | dir=in | app=f:\pcgames\far cry 2\bin\fc2launcher.exe |
    "{71502AD5-29C0-439A-ADEF-5081B96B1FD9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{7520065E-FC0D-4318-9844-5AB6CC15C054}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{84013896-42CA-4F49-A3D7-B9E9312C20C6}" = protocol=6 | dir=in | app=f:\pcgames\wolfenstein\mp\wolf2mplite.exe |
    "{84F4557C-D42E-4656-8FEC-C7B5A859ED5D}" = protocol=17 | dir=in | app=f:\pcgames\transformers - revenge of the fallen\transformers2.exe |
    "{8E47E3BF-D794-43AC-96C9-9FD0A2E1B045}" = protocol=6 | dir=in | app=f:\pcgames\assassin's creed\assassinscreed_launcher.exe |
    "{91FB7939-715A-4F1E-850D-EE4D6F3C0E81}" = protocol=17 | dir=in | app=f:\pcgames\call of duty - world at war\codwaw.exe |
    "{995085C5-48EB-419C-8C74-968E6242B661}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{99CEB7C7-99AE-4DA5-BB8F-46F99DA8C5CD}" = protocol=17 | dir=in | app=f:\pcgames\wolfenstein\mp\wolf2mp.exe |
    "{9BE590E4-A91D-49E6-B13F-5129F9C8F31D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{A406DBA5-7A38-4252-B2A3-D9F846244E31}" = protocol=17 | dir=in | app=f:\pcgames\far cry 2\bin\fc2editor.exe |
    "{A4A2408D-5BC6-4567-AE6A-6AE44DD33C63}" = protocol=17 | dir=in | app=f:\pcgames\assassin's creed\assassinscreed_dx9.exe |
    "{A4D51D60-8BE3-4B4D-A598-E8E89C7E01E0}" = protocol=6 | dir=in | app=f:\pcgames\call of duty - world at war\codwaw.exe |
    "{A57897D3-2DB6-4AAF-9939-3380B746CD89}" = protocol=17 | dir=in | app=f:\pcgames\call of duty - world at war\codwawmp.exe |
    "{AC4F6BBB-E09C-4249-B961-EF94A31AEE43}" = protocol=6 | dir=in | app=f:\pcgames\far cry 2\bin\farcry2.exe |
    "{B2F3F3D4-13BA-4093-9D0D-BA86AEE9248D}" = protocol=17 | dir=in | app=f:\pcgames\assassin's creed\assassinscreed_dx10.exe |
    "{B7198895-1FE6-4572-AA70-57B063D5BEC7}" = protocol=6 | dir=in | app=f:\pcgames\grid\grid.exe |
    "{C8EE265C-E152-4267-B926-1554A2648532}" = protocol=6 | dir=in | app=f:\pcgames\assassin's creed\assassinscreed_dx10.exe |
    "{CA6BCFB7-619E-4128-9A5B-F4FDCC42FC87}" = protocol=6 | dir=in | app=f:\program files\utorrent\utorrent.exe |
    "{D2B24595-1BA8-44E8-8DD9-54A98086DF00}" = protocol=6 | dir=in | app=f:\pcgames\assassin's creed\assassinscreed_dx9.exe |
    "{D3F0F518-1127-4EAA-9B4F-D3703FBA490F}" = protocol=6 | dir=in | app=f:\pcgames\wolfenstein\mp\wolf2mp.exe |
    "{DAD2B342-7A71-49E1-A2BB-CFD1635A9CD2}" = protocol=17 | dir=in | app=f:\pcgames\assassin's creed\assassinscreed_launcher.exe |
    "{E62FE6C9-8EC7-4B6D-86EB-53DD87D15FCF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{EEFB50E0-E9DB-4BDD-BB6D-0B43292FE49B}" = protocol=6 | dir=in | app=f:\pcgames\far cry 2\bin\fc2launcher.exe |
    "{F1DE6FCE-A7B6-4CBF-85F4-1F4CC8F7417C}" = protocol=6 | dir=in | app=f:\pcgames\tom clancy's rainbow six vegas 2\binaries\r6vegas2_launcher.exe |
    "{F72011CC-BF7F-4CFD-9EEC-EAB6E42E8D60}" = protocol=17 | dir=in | app=f:\pcgames\far cry 2\bin\farcry2.exe |
    "{F8F650BE-BADA-4236-BBE7-2C366DED05F5}" = protocol=17 | dir=in | app=f:\pcgames\wolfenstein\mp\wolf2mplite.exe |
    "{FFF388FB-05ED-40FE-BB6B-1B3947C2DFE6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "TCP Query User{0DCECD98-BBDE-40FA-8D55-D8FB93D351DA}F:\pcgames\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=f:\pcgames\call of duty - world at war\codwaw_lanfixed.exe |
    "TCP Query User{523D9784-33D7-4D6E-AC4B-2271C42D0DFE}F:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=f:\program files\utorrent\utorrent.exe |
    "TCP Query User{680A4D48-EEE3-404F-9F6A-E85DBFC61069}F:\pcgames\call of duty - world at war\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=f:\pcgames\call of duty - world at war\codwaw_lanfixed.exe |
    "TCP Query User{934EF217-37FB-45D8-B361-E21B784C7A0E}F:\pcgames\serious sam 2\bin\sam2.exe" = protocol=6 | dir=in | app=f:\pcgames\serious sam 2\bin\sam2.exe |
    "TCP Query User{A1E2F429-E945-4C24-A9DE-E1073C3816F1}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
    "TCP Query User{D7C57E3F-2774-4498-953A-89FFDA773DD2}F:\pcgames\quake3\quake3.exe" = protocol=6 | dir=in | app=f:\pcgames\quake3\quake3.exe |
    "UDP Query User{1E3B5DA5-FF5B-4530-9EA4-4768529892A8}F:\pcgames\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=f:\pcgames\call of duty - world at war\codwaw_lanfixed.exe |
    "UDP Query User{238E657E-106E-42EC-B214-8AC6CD83D463}F:\pcgames\serious sam 2\bin\sam2.exe" = protocol=17 | dir=in | app=f:\pcgames\serious sam 2\bin\sam2.exe |
    "UDP Query User{3E91A8C2-8661-4B24-9570-48EB93E02D5F}F:\pcgames\quake3\quake3.exe" = protocol=17 | dir=in | app=f:\pcgames\quake3\quake3.exe |
    "UDP Query User{9DAEA851-5F6F-4EAA-A0C6-3A67A6B55134}F:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=f:\program files\utorrent\utorrent.exe |
    "UDP Query User{BE9080CE-2FCB-4CEF-8840-33E88AF37843}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
    "UDP Query User{E9F6FBBE-1F8B-4C47-9B21-24AC4597AE78}F:\pcgames\call of duty - world at war\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=f:\pcgames\call of duty - world at war\codwaw_lanfixed.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{5AC267EB-6FBC-D3DC-1C09-EF62556092FD}" = ccc-utility64
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B88F5E68-B0FB-950F-EC6F-82FB18DF3E5D}" = ATI Catalyst Install Manager
    "{C9D79D35-7BF2-1C5B-E30B-8421837EBBAE}" = ATI AVIVO64 Codecs
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
    "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
    "{07E1A8A8-EEE0-198D-9AB7-8CBE42A830F4}" = Catalyst Control Center Core Implementation
    "{08F173A8-AB81-4760-AEB0-CE91F3B05AEF}" = Activision(R)
    "{186326B4-AF94-B714-7A5C-678524061EFD}" = CCC Help English
    "{1F5B0A0A-ACBA-1C8D-DD8C-AB20597DABE9}" = ccc-core-static
    "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
    "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
    "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B09.0216.1
    "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
    "{644FCC7C-63F5-5EE1-258D-30A5FD195891}" = HydraVision
    "{6D1ACE56-38B1-1055-5926-EADFB056F2F2}" = Catalyst Control Center InstallProxy
    "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79FAE709-37BC-FBAD-53DB-6B8609231007}" = Catalyst Control Center Graphics Full Existing
    "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.05
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
    "{CC67C580-EFEA-1B4C-F86C-C360C0593FE3}" = Catalyst Control Center Graphics Previews Vista
    "{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
    "{D27DBCEF-7D01-C5DF-659E-F27A24AC2181}" = Catalyst Control Center Graphics Previews Common
    "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "{E0DFA6F8-C275-823C-9A73-A1608D84E333}" = Catalyst Control Center Graphics Full New
    "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
    "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
    "{F4A06E47-FD0D-CCB2-CEDA-659131E90F3C}" = Catalyst Control Center Graphics Light
    "{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
    "{FABB748F-B1AA-ECD0-11CC-28DCAEA2EAA5}" = Catalyst Control Center HydraVision Full
    "{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909}" = Doom 3
    "{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast!" = avast! Antivirus
    "DAEMON Tools Toolbar" = DAEMON Tools Toolbar
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "InstallShield_{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
    "InstallShield_{08F173A8-AB81-4760-AEB0-CE91F3B05AEF}" = Transformers(TM) - Revenge of the Fallen(TM)
    "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B09.0216.1
    "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
    "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
    "MainApp.exe_is1" = CloneDVD 4.3.0.3
    "Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
    "OpenAL" = OpenAL
    "PunkBusterSvc" = PunkBuster Services
    "Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
    "SeriousSam2" = Serious Sam 2
    "SpeedFan" = SpeedFan (remove only)
    "ST5UNST #1" = Unreal Editor
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 21/09/2009 4:45:36 AM | Computer Name = PC1-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\ProgramData\Codemasters\GRID\DataCache\PC1\replay\replay.pbf failed, 00000005.


    Error - 21/09/2009 8:59:28 AM | Computer Name = PC1-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\PC1\AppData\Roaming\Microsoft\Windows\Cookies\index.dat failed, 00000005.


    [ Application Events ]
    Error - 19/09/2009 4:38:12 AM | Computer Name = PC1-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "F:\PCGames\Wolfenstein\MP\serverlauncher.exe ".Error
    in manifest or policy file " " on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

    Error - 19/09/2009 4:53:05 AM | Computer Name = PC1-PC | Source = Application Error | ID = 1000
    Description = Faulting application Dwm.exe, version 6.0.6002.18005, time stamp 0x49e02696,
    faulting module atiumd64.dll, version 8.14.10.697, time stamp 0x4a84c2b1, exception
    code 0xc0000005, fault offset 0x00000000000078e0, process id 0x6bc, application
    start time 0x01ca39061b58c87f.

    Error - 19/09/2009 4:53:25 AM | Computer Name = PC1-PC | Source = Application Error | ID = 1000
    Description = Faulting application prime95.exe, version 25.11.1.0, time stamp 0x4a5af88b,
    faulting module prime95.exe, version 25.11.1.0, time stamp 0x4a5af88b, exception
    code 0xc0000005, fault offset 0x000000000043b6a4, process id 0xfc0, application
    start time 0x01ca39069162adbf.

    Error - 19/09/2009 4:57:32 AM | Computer Name = PC1-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "F:\PCGames\Wolfenstein\MP\serverlauncher.exe ".Error
    in manifest or policy file " " on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

    Error - 19/09/2009 5:07:44 AM | Computer Name = PC1-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "F:\PCGames\Wolfenstein\MP\serverlauncher.exe ".Error
    in manifest or policy file " " on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

    Error - 20/09/2009 12:37:44 AM | Computer Name = PC1-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe_PlugPlay, version 6.0.6001.18000,
    time stamp 0x47919291, faulting module RPCRT4.dll, version 6.0.6002.18024, time
    stamp 0x49f05e53, exception code 0xc0000005, fault offset 0x0000000000021bf7, process
    id 0x390, application start time 0x01ca39087f52faf2.

    Error - 20/09/2009 12:40:57 AM | Computer Name = PC1-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe_PlugPlay, version 6.0.6001.18000,
    time stamp 0x47919291, faulting module RPCRT4.dll, version 6.0.6002.18024, time
    stamp 0x49f05e53, exception code 0xc0000005, fault offset 0x0000000000021bf7, process
    id 0x388, application start time 0x01ca39ac6d337d74.

    Error - 20/09/2009 12:48:49 AM | Computer Name = PC1-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe_PlugPlay, version 6.0.6001.18000,
    time stamp 0x47919291, faulting module RPCRT4.dll, version 6.0.6002.18024, time
    stamp 0x49f05e53, exception code 0xc0000005, fault offset 0x0000000000021bf7, process
    id 0x384, application start time 0x01ca39acd0ad014d.

    Error - 21/09/2009 4:44:35 AM | Computer Name = PC1-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe_PlugPlay, version 6.0.6001.18000,
    time stamp 0x47919291, faulting module RPCRT4.dll, version 6.0.6002.18024, time
    stamp 0x49f05e53, exception code 0xc0000005, fault offset 0x0000000000021bf7, process
    id 0x390, application start time 0x01ca3a96f89aa1db.

    Error - 21/09/2009 4:49:48 PM | Computer Name = PC1-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "F:\PCGames\Wolfenstein\MP\serverlauncher.exe ".Error
    in manifest or policy file " " on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

    [ System Events ]
    Error - 13/09/2009 9:04:08 AM | Computer Name = PC1-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 13/09/2009 9:04:08 AM | Computer Name = PC1-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 13/09/2009 9:04:08 AM | Computer Name = PC1-PC | Source = Microsoft-Windows-Servicing | ID = 4385
    Description =

    Error - 13/09/2009 9:04:08 AM | Computer Name = PC1-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 13/09/2009 9:04:08 AM | Computer Name = PC1-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 13/09/2009 9:04:08 AM | Computer Name = PC1-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 13/09/2009 9:04:08 AM | Computer Name = PC1-PC | Source = Microsoft-Windows-Servicing | ID = 4375
    Description =

    Error - 14/09/2009 5:05:34 AM | Computer Name = PC1-PC | Source = cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 14/09/2009 5:05:40 AM | Computer Name = PC1-PC | Source = cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 15/09/2009 4:51:04 AM | Computer Name = PC1-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:41:50 PM on 15/09/2009 was unexpected.


    < End of report >
     
  8. 2009/09/21
    rearbit

    rearbit Inactive Thread Starter

    Joined:
    2009/09/21
    Messages:
    16
    Likes Received:
    0
    Sorry, had a little trouble there and doubled up on one. My first said a moderator needed to approve it before it was viewable. If you would like, I can just attach them; I just need to know how. Cheers
     
  9. 2009/09/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see any security issues here, so you'll have to repost your problem in the Windows section.
    Good luck :)
     
  10. 2009/09/21
    rearbit

    rearbit Inactive Thread Starter

    Joined:
    2009/09/21
    Messages:
    16
    Likes Received:
    0
    OK, thank you for your help.
     
  11. 2009/09/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)
     
