« previous next »
Pages: [1]

Author Topic: Windows Vista Explorer crashes after launching a game  (Read 1106 times)

Offline ExosneeR

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Windows Vista Explorer crashes after launching a game
« on: April 04, 2011, 02:03:03 AM »
Hello out there! I'm a newbie here, so please let me know if i violated any rules in posting. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\':P\' />

Whenever i launch my game the application follows to hang up after checking by the NProtect Game Guard. The whole computer goes white and says "Windows Explorer stops working". Please can someone help me with this. I've been bugged for the whole time it tries to restart windows explorer.

Advance Appreciation for those who will help. Thanks.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Windows Vista Explorer crashes after launching a game
« Reply #1 on: April 05, 2011, 02:44:15 PM »
Sorry for the delay, the problem seems to be with the NProtect service, but can I see the following please
Download [color="#FF0000"]OTL.exe[/color][/url] by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline ExosneeR

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Windows Vista Explorer crashes after launching a game
« Reply #2 on: April 07, 2011, 11:01:04 AM »
Okay, here it is:

OTL.TXT:


OTL logfile created on: 4/7/2011 11:42:39 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112.08 Gb Total Space | 34.67 Gb Free Space | 30.93% Space Free | Partition Type: NTFS
Drive E: | 8.00 Gb Total Space | 7.87 Gb Free Space | 98.42% Space Free | Partition Type: NTFS
Drive F: | 9.00 Gb Total Space | 7.72 Gb Free Space | 85.75% Space Free | Partition Type: NTFS
Drive H: | 11.77 Gb Total Space | 1.97 Gb Free Space | 16.74% Space Free | Partition Type: NTFS
 
Computer Name: IAM3AISON | User Name: Exosneer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/04/07 22:58:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/18 12:47:42 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
PRC - [2010/12/11 10:18:00 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010/11/17 19:45:44 | 001,942,416 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files\Bandoo\Bandoo.exe
PRC - [2010/11/04 20:51:02 | 000,985,488 | ---- | M] (Discordia, LTD) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/04/01 17:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/02/09 16:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2010/01/22 17:35:44 | 000,309,304 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/04/07 22:58:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/03/31 15:58:32 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/11/17 19:45:44 | 001,942,416 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/06 23:49:26 | 003,866,056 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/09/11 17:27:41 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/06 01:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/10/30 18:35:13 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/06/24 11:38:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/09 11:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/31 02:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/31 01:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/12 01:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/07 13:58:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/19 08:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007/02/17 00:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/02 16:27:23 | 000,010,368 | ---- | M] (Conexant Systems, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cxavsaud_IBV32.sys -- (CXAVSAUD)
DRV - [2006/11/02 13:00:38 | 000,168,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\cx88vid_IBV32.sys -- (CX23880)
DRV - [2005/01/04 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ph&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ph&c=81&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ph&c=81&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ask.com?o=15161&l=dis [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/30 08:53:46 | 000,000,000 | ---D | M]
 
[2010/12/03 19:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Exosneer\AppData\Roaming\Mozilla\Extensions
[2011/03/30 17:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Exosneer\AppData\Roaming\Mozilla\Firefox\Profiles\rc3un1s5.default\extensions
[2011/03/30 17:05:24 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Exosneer\AppData\Roaming\Mozilla\Firefox\Profiles\rc3un1s5.default\extensions\[email protected]
[2010/12/03 19:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/18 15:23:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 02:17:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/05 19:02:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/12 19:12:24 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
 
O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [HP Health Check Scheduler]  File not found
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [userinit]  File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Exosneer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nvsvca.lnk =  File not found
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) - c:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Exosneer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Exosneer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/11 16:13:18 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/02/29 13:04:12 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 23:18:54 | 000,000,340 | -HS- | M] () - H:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{a249e885-e41e-11df-98c9-cf968cc7b7c6}\Shell - "" = AutoRun
O33 - MountPoints2\{a249e885-e41e-11df-98c9-cf968cc7b7c6}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{a249e885-e41e-11df-98c9-cf968cc7b7c6}\Shell\directx\command - "" = J:\DirectX9\dxsetup.exe
O33 - MountPoints2\{a249e885-e41e-11df-98c9-cf968cc7b7c6}\Shell\setup\command - "" = J:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/05 03:02:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/04 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/04 14:42:31 | 000,000,000 | ---D | C] -- C:\Users\Exosneer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/04 01:03:45 | 000,000,000 | ---D | C] -- C:\Users\Exosneer\Documents\OneNote Notebooks
[2011/04/01 12:48:26 | 000,000,000 | ---D | C] -- C:\Users\Exosneer\Desktop\Rohan Online
[2011/03/31 15:47:25 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/31 15:47:25 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/31 03:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/03/31 03:08:54 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/03/31 03:08:53 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/03/31 03:08:53 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/03/31 03:08:18 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/03/31 03:08:16 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/03/31 03:08:16 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/03/31 03:08:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/03/31 03:08:16 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/03/31 03:08:15 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/03/31 03:07:42 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/03/31 03:07:42 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/03/31 03:07:40 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/03/31 03:07:37 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/03/31 03:07:37 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/03/31 03:07:37 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/03/31 03:07:37 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/03/31 03:07:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/03/31 03:07:37 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/03/31 03:06:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/03/31 03:06:36 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/03/30 14:12:27 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/03/30 14:12:25 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/30 14:12:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/03/30 14:12:24 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/03/30 14:12:24 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/03/30 14:12:23 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/03/30 14:12:23 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/03/30 14:12:23 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/03/30 14:12:23 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/03/30 14:12:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/03/30 14:12:22 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/30 14:12:22 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/03/30 14:12:21 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/03/30 14:12:20 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/03/30 14:12:20 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/03/30 14:12:19 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/03/30 14:12:18 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/03/30 14:12:17 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/03/30 14:12:17 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/03/30 14:12:16 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/03/30 14:12:12 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/03/30 14:12:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/03/30 13:48:39 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/03/30 04:37:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/03/30 04:37:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/03/30 04:37:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/03/30 00:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/03/28 01:23:47 | 000,000,000 | ---D | C] -- C:\Users\Exosneer\AppData\Local\PMB Files
[2011/03/28 01:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/03/14 22:12:33 | 000,000,000 | ---D | C] -- C:\Users\Exosneer\Desktop\Files
[2011/03/13 20:55:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/03/13 20:11:57 | 000,000,000 | ---D | C] -- C:\Users\Exosneer\AppData\Roaming\AVG10
[2011/03/13 20:06:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/03/13 20:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/03/13 20:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/03/13 20:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/03/13 20:03:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/03/13 20:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/03/13 20:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/03/12 18:41:57 | 003,866,056 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2011/03/12 18:41:16 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2011/03/12 18:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011/03/12 18:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rohan Online
[2011/03/09 19:30:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/09 19:30:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/09 19:30:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/09 14:19:49 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 14:19:49 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 14:19:49 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 14:19:49 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/09 14:19:46 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/03/04 22:23:34 | 038,366,069 | ---- | C] (Powered By DoctoR                                           ) -- C:\Users\Exosneer\AppData\Roaming\csrss.exe
[1 C:\Users\Exosneer\AppData\Local\*.tmp files -> C:\Users\Exosneer\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/07 23:42:59 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E19376AD-5766-4711-ACB0-CBDB9C97DAB1}.job
[2011/04/07 23:37:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 23:37:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 23:07:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/07 21:54:23 | 000,048,412 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/07 21:53:30 | 111,875,749 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/07 21:53:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/07 17:24:14 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/04/07 17:24:14 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/04/07 17:24:14 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/04/07 17:24:14 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/04/07 17:24:14 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/04/07 17:24:14 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/04/07 07:50:57 | 000,000,260 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/04/07 07:49:23 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/07 07:47:49 | 3152,867,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/06 11:34:59 | 000,649,644 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/04/06 03:00:23 | 000,006,944 | ---- | M] () -- C:\Users\Exosneer\AppData\Local\d3d9caps.dat
[2011/04/04 14:45:30 | 000,002,529 | ---- | M] () -- C:\Users\Exosneer\Desktop\HiJackThis.lnk
[2011/04/04 12:36:01 | 000,048,412 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/04 02:56:12 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/04 02:56:12 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/04 01:03:45 | 000,001,111 | ---- | M] () -- C:\Users\Exosneer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/04/04 00:12:05 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/31 03:27:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/30 08:53:46 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/03/30 04:41:33 | 000,487,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/29 11:33:03 | 000,002,291 | ---- | M] () -- C:\Users\Exosneer\Desktop\YouTube - Broadcast Yourself.lnk
[2011/03/15 09:56:03 | 000,139,264 | ---- | M] () -- C:\Users\Exosneer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/11 08:05:04 | 000,073,652 | ---- | M] () -- C:\Users\Exosneer\Documents\Capture1.JPG
[2011/03/11 07:56:19 | 000,478,765 | ---- | M] () -- C:\Users\Exosneer\Documents\.....exe
[2011/03/11 06:48:43 | 000,002,827 | ---- | M] () -- C:\Users\Exosneer\Documents\.....cpp
[1 C:\Users\Exosneer\AppData\Local\*.tmp files -> C:\Users\Exosneer\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/07 21:53:30 | 111,875,749 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/06 11:34:59 | 000,649,644 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/04/04 14:42:31 | 000,002,529 | ---- | C] () -- C:\Users\Exosneer\Desktop\HiJackThis.lnk
[2011/04/04 01:03:45 | 000,001,111 | ---- | C] () -- C:\Users\Exosneer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/03/31 03:27:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/13 20:05:44 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/03/12 18:41:16 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2011/03/11 08:05:01 | 000,073,652 | ---- | C] () -- C:\Users\Exosneer\Documents\Capture1.JPG
[2011/03/11 06:37:21 | 000,478,765 | ---- | C] () -- C:\Users\Exosneer\Documents\.....exe
[2011/03/11 06:37:17 | 000,002,827 | ---- | C] () -- C:\Users\Exosneer\Documents\.....cpp
[2011/03/06 09:49:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/06 09:49:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/05 17:50:24 | 000,125,932 | ---- | C] () -- C:\Windows\System32\5f65a848.exe
[2011/03/05 17:50:13 | 000,063,442 | ---- | C] () -- C:\Windows\System32\ccdevsugyqojl.exe
[2011/03/05 10:10:59 | 000,000,552 | ---- | C] () -- C:\Users\Exosneer\AppData\Local\d3d8caps.dat
[2011/03/04 22:23:36 | 000,083,968 | ---- | C] () -- C:\Users\Exosneer\AppData\Roaming\chrtmp
[2011/02/20 12:23:52 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2011/02/20 12:23:50 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/24 06:54:32 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
[2011/01/24 06:54:32 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
[2010/08/17 01:17:42 | 000,000,048 | ---- | C] () -- C:\Users\Exosneer\AppData\Roaming\wklnhst.dat
[2010/07/22 01:36:27 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/01 10:36:24 | 000,048,412 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/06/01 10:35:53 | 000,048,412 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/06/01 10:35:47 | 000,006,944 | ---- | C] () -- C:\Users\Exosneer\AppData\Local\d3d9caps.dat
[2010/05/30 19:52:56 | 000,980,804 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2010/05/29 03:40:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/05/26 19:32:39 | 000,139,264 | ---- | C] () -- C:\Users\Exosneer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 08:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/03/03 08:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010/03/03 08:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/03/03 08:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/03/03 08:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010/03/03 08:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010/03/03 08:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010/03/03 08:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010/03/03 08:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/03/03 08:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010/03/03 08:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010/03/03 08:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010/03/03 08:00:00 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/15 02:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/11/15 02:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009/11/15 02:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/11/15 02:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/11/15 02:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/11/15 02:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/11/15 02:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/11/15 02:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/11/15 02:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/11/15 02:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009/11/15 02:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009/11/15 02:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/11/15 02:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/08/12 05:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/01/11 06:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/04/21 20:36:49 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/02/29 13:21:37 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/10/13 17:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,487,496 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,612,100 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,109,516 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:8643C5BE

< End of report >


Extras.txt:


OTL Extras logfile created on: 4/7/2011 11:42:39 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112.08 Gb Total Space | 34.67 Gb Free Space | 30.93% Space Free | Partition Type: NTFS
Drive E: | 8.00 Gb Total Space | 7.87 Gb Free Space | 98.42% Space Free | Partition Type: NTFS
Drive F: | 9.00 Gb Total Space | 7.72 Gb Free Space | 85.75% Space Free | Partition Type: NTFS
Drive H: | 11.77 Gb Total Space | 1.97 Gb Free Space | 16.74% Space Free | Partition Type: NTFS
 
Computer Name: IAM3AISON | User Name: Exosneer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B519D50-9AF8-4726-AF1A-496F5E0DA355}" = rport=138 | protocol=17 | dir=out | app=system |
"{1DB2E0C9-54EE-4851-B2C5-8F351F9BF819}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1FA0C46B-431F-4D8F-BF6C-EF88EBB2CFA8}" = rport=139 | protocol=6 | dir=out | app=system |
"{223EB186-A993-4AA8-BC73-9A2366884824}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2751AC28-DD95-4C32-A305-6BD7F817F151}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A628667-9934-40D8-A688-C1E45E0EC150}" = lport=138 | protocol=17 | dir=in | app=system |
"{3B28F2E9-9941-4748-8505-44434657F235}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C7CD9E7-CC55-40E7-B5BA-8802A471CD50}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45B3BE9E-D3A6-461B-8374-668566F6AFC3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{483F0B96-54A8-4AB1-8B0A-863C4D14E4D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{4DE6598D-3CF9-46A3-AA1A-B5ECB7BF5E2E}" = lport=49397 | protocol=6 | dir=in | name=akamai netsession interface |
"{52EDB11E-4162-426C-9595-BBF061D79DF2}" = rport=137 | protocol=17 | dir=out | app=system |
"{59DE561C-F8AD-46BF-9736-4EA43DC8F245}" = lport=10243 | protocol=6 | dir=in | app=system |
"{70247A36-28B8-4FF2-B57E-14B2F41EEDC0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7A037183-1B11-4A99-B0F3-B0FC2ADBF8E9}" = lport=445 | protocol=6 | dir=in | app=system |
"{7F12BF49-2AC9-4B5C-B322-BC01E8549808}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8757CC71-B67F-49E7-B635-55E25D5D8E01}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B329502-F98F-4E3A-93B2-B756BC946877}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99A72863-0A84-4490-892E-A42B71C48178}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A1778EC5-2917-47E0-8AC7-9DD393809CCB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2C513CC-8FCA-4460-86C4-0984F25C7521}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AA7DDE93-EA07-4776-9260-48BCE30E7711}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BD513099-EFCF-4FC3-97C8-8EB8BF63480B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BDFEB931-28D8-4C31-A0A6-31FC91824638}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD4C5CCE-74E3-452F-A51C-536839DBB303}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3EA23FE-9B20-4238-BF35-4B3B1EA370C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D54EE1D3-BFB0-4C78-935C-C80DDF68FA95}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA0B6C1F-1589-4C64-BE67-CB6BCB28A906}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EC0B3937-5244-49EB-BBD0-F9010F2968F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F176346A-BDED-45AD-9629-F0D72A55F764}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008E1BBB-7D38-4AFD-A254-CFC8276F359B}" = protocol=6 | dir=in | app=c:\program files\level up games\rohan online\loader.exe |
"{0E51C151-AD9A-4005-8C30-6C18D85525C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{113A2A7F-6622-416A-828B-3EA4F9022D67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{141572DC-2E7E-4B07-8EDB-1E0DF5F51363}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{167BE05E-A65C-476A-A01B-C3B1D78BD124}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{16D63093-F38A-4A8A-B8FA-30426E055F1E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{1FFFCF29-3128-4CCC-A649-A313F8BB8051}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2792FE57-C4B0-4A5D-B5F6-EBCD75D8C218}" = protocol=17 | dir=in | app=c:\program files\level up games\rohan online\loader.exe |
"{2EB2F2DC-4929-48B1-9FE9-B4A180C5665B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{3031B68B-5C19-48FF-B8C2-0755BCA2DD77}" = protocol=1 | dir=out | [email protected],-28544 |
"{342D865F-B441-4471-8610-ECE4B762A9E7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{3BD5CE79-4436-4204-921D-1B8E51162E77}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4103DD1A-7F73-4FD5-9994-6F04FFCB65F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{43A914FF-E12D-4833-9B5F-3BFB594C520D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{43E80F16-325B-4115-A26B-EA2D48AD50F1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{47574D4A-E627-4EB4-B344-A1432D6E6336}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{48E20570-C31C-4465-A139-085CB87429BD}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{4B3ACB0C-1D82-4184-838A-1B24C2A6B9FB}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{4BF44380-1B53-421D-93D6-4826C45BF6E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{505D8E7A-4BB1-4FD4-A73E-02A96164BEF3}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{54026AEF-3BB1-4775-B163-D5DF708E407F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55C65A65-CE0E-4F86-A57A-FFA798B8B5D9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{62109F19-846A-4C23-AE55-AE47BC149692}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{63314516-26DA-474E-BA81-689792DE51F5}" = protocol=58 | dir=in | [email protected],-28545 |
"{654E0CEE-A297-4719-8778-E49A092A41E8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6BE19620-455E-4B23-AB36-B902C7854D3C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6DEB019F-3D0F-42A2-A04D-6459AF525119}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7C154DA9-96B9-4480-91C3-8FC2F9E01536}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7D2E206F-5DD3-47B7-94C2-1308DC1CAEF1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{7F1CB12F-250B-4A7F-B2DD-E80F907B1785}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{86B60275-F99A-40BC-9CAB-19A26EB865C5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{87F9BFCA-D9CD-4F5D-8976-C0729455F063}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{89565711-A894-4B98-BD9B-7943C4B3AE2B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{89765B6B-9C8C-44B1-8079-31C6624C7EE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8E1A5937-8C04-4EFE-B4DD-6E63764D0F7A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{8E3F6ADD-7029-47B9-AD20-7E36C6C6D6C5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{960BEEC5-6271-404F-A7FF-27A2F8806A8C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{98396281-3695-4897-8D7D-6779F53A5153}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9872470D-B420-43C3-B412-9518882834F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9DEDAD01-AAA7-456F-BFE6-0D3E15C20ED0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A3D47A80-0FCA-4647-AE3F-7439170EC7F0}" = protocol=58 | dir=out | [email protected],-28546 |
"{A83C42E4-39F6-42CC-9880-EC2EA578638E}" = protocol=6 | dir=out | app=system |
"{A960DB70-B666-4989-B278-5332998DCAEF}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A9AAFC9D-2385-4528-8147-2519D1E2E1D5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{ACC89EF0-97CD-4617-B32A-E4783EA91C23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADD8B9E7-8B06-4705-97E6-73A024F0D0EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B41F856A-BA3F-4743-AE8D-16A669D5D928}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B6CE5052-ADC4-47C4-9E31-4A233878870B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{BEB46097-1BA1-4613-85DD-AA485BD44740}" = protocol=1 | dir=in | [email protected],-28543 |
"{D50C30E8-DC19-433C-905B-566E529386A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D75CB142-0620-4202-A1FB-AE8A96527573}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{DA1E8D0B-A745-4E1F-A97B-696A7654235F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{E4CCE2DA-F3E9-451B-94D1-D915287594F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E59325E3-09C0-49C5-8C9E-BE12215166CE}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E5F9CA90-801A-4DFC-817B-69D3188FC2F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E6070D3E-8265-48CB-883C-BAC9F97840CA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E7459326-B102-454B-A593-E004F7A4C2D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB15CD0A-D009-44CE-8D41-FBCFEB5A258F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F249BC58-CA2F-4CFE-B38A-A9EEACF534F9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{F2C1C511-AEBF-4BD9-94A6-72EFD9AD0B44}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F87F295F-D795-4C1B-98E2-E0955B847972}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FA68AEC2-F352-4337-AB0D-991D8FB54BD9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FCA38353-88BB-412C-9B5C-A79E1789A6E2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{FDB10722-8DED-4558-87CC-03E530DE19BC}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{FE90D849-ADB0-43A5-B209-98F91DD6942F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{FFC66A39-7A64-43D7-B53F-86F7CD76DAB3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"TCP Query User{0E29077A-5779-4066-8A0C-514E5E34B8DA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{106C3D4A-DD88-4885-9589-55E07E4A19A0}C:\program files\google\
Logged

Offline ExosneeR

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Windows Vista Explorer crashes after launching a game
« Reply #3 on: April 07, 2011, 11:03:55 AM »
Okay, here it is:

OTL.Txt -


OTL logfile created on: 4/7/2011 11:42:39 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112.08 Gb Total Space | 34.67 Gb Free Space | 30.93% Space Free | Partition Type: NTFS
Drive E: | 8.00 Gb Total Space | 7.87 Gb Free Space | 98.42% Space Free | Partition Type: NTFS
Drive F: | 9.00 Gb Total Space | 7.72 Gb Free Space | 85.75% Space Free | Partition Type: NTFS
Drive H: | 11.77 Gb Total Space | 1.97 Gb Free Space | 16.74% Space Free | Partition Type: NTFS
 
Computer Name: IAM3AISON | User Name: Exosneer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/04/07 22:58:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/18 12:47:42 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
PRC - [2010/12/11 10:18:00 | 000,395,640 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010/11/17 19:45:44 | 001,942,416 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files\Bandoo\Bandoo.exe
PRC - [2010/11/04 20:51:02 | 000,985,488 | ---- | M] (Discordia, LTD) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/04/01 17:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/02/09 16:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2010/01/22 17:35:44 | 000,309,304 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/04/07 22:58:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/03/31 15:58:32 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/22 04:48:46 | 003,226,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/11/17 19:45:44 | 001,942,416 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/06 23:49:26 | 003,866,056 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/09/11 17:27:41 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/06 01:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/10/30 18:35:13 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/06/24 11:38:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/09 11:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/31 02:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/31 01:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/12 01:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/07 13:58:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/19 08:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007/02/17 00:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/02 16:27:23 | 000,010,368 | ---- | M] (Conexant Systems, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cxavsaud_IBV32.sys -- (CXAVSAUD)
DRV - [2006/11/02 13:00:38 | 000,168,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\cx88vid_IBV32.sys -- (CX23880)
DRV - [2005/01/04 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ph&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ph&c=81&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ph&c=81&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ask.com?o=15161&l=dis [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/30 08:53:46 | 000,000,000 | ---D | M]
 
[2010/12/03 19:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Exosneer\AppData\Roaming\Mozilla\Extensions
[2011/03/30 17:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Exosneer\AppData\Roaming\Mozilla\Firefox\Profiles\rc3un1s5.default\extensions
[2011/03/30 17:05:24 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Exosneer\AppData\Roaming\Mozilla\Firefox\Profiles\rc3un1s5.default\extensions\[email protected]
[2010/12/03 19:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/18 15:23:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 02:17:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/05 19:02:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/12 19:12:24 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
 
O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [HP Health Check Scheduler]  File not found
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [userinit]  File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Exosneer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nvsvca.lnk =  File not found
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) - c:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Exosneer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Exosneer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/11 16:13:18 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/02/29 13:04:12 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 23:18:54 | 000,000,340 | -HS- | M] () - H:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{a249e885-e41e-11df-98c9-cf968cc7b7c6}\Shell - "" = AutoRun
O33 - MountPoints2\{a249e885-e41e-11df-98c9-cf968cc7b7c6}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{a249e885-e41e-11df-98c9-cf968cc7b7c6}\Shell\directx\command - "" = J:\DirectX9\dxsetup.exe
O33 - MountPoints2\{a249e885-e41e-11df-98c9-cf968cc7b7c6}\Shell\setup\command - "" = J:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/05 03:02:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/04 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/04 14:42:31 | 000,000,000 | ---D | C] -- C:\Users\Exosneer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/04 01:03:45 | 000,000,000 | ---D | C] -- C:\Users\Exosneer\Documents\OneNote Notebooks
[2011/04/01 12:48:26 | 000,000,000 | ---D | C] -- C:\Users\Exosneer\Desktop\Rohan Online
[2011/03/31 15:47:25 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/31 15:47:25 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/31 03:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/03/31 03:08:54 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/03/31 03:08:53 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/03/31 03:08:53 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/03/31 03:08:18 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/03/31 03:08:16 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/03/31 03:08:16 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/03/31 03:08:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/03/31 03:08:16 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/03/31 03:08:15 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/03/31 03:07:42 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/03/31 03:07:42 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/03/31 03:07:40 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/03/31 03:07:37 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/03/31 03:07:37 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/03/31 03:07:37 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/03/31 03:07:37 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/03/31 03:07:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/03/31 03:07:37 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/03/31 03:06:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/03/31 03:06:36 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/03/30 14:12:27 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/03/30 14:12:25 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/30 14:12:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/03/30 14:12:24 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/03/30 14:12:24 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/03/30 14:12:23 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/03/30 14:12:23 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/03/30 14:12:23 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/03/30 14:12:23 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/03/30 14:12:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/03/30 14:12:22 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/30 14:12:22 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/03/30 14:12:21 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/03/30 14:12:20 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/03/30 14:12:20 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/03/30 14:12:19 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/03/30 14:12:18 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/03/30 14:12:17 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/03/30 14:12:17 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/03/30 14:12:16 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/03/30 14:12:12 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/03/30 14:12:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/03/30 13:48:39 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/03/30 04:37:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/03/30 04:37:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/03/30 04:37:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/03/30 00:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/03/28 01:23:47 | 000,000,000 | ---D | C] -- C:\Users\Exosneer\AppData\Local\PMB Files
[2011/03/28 01:23:10 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/03/14 22:12:33 | 000,000,000 | ---D | C] -- C:\Users\Exosneer\Desktop\Files
[2011/03/13 20:55:30 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/03/13 20:11:57 | 000,000,000 | ---D | C] -- C:\Users\Exosneer\AppData\Roaming\AVG10
[2011/03/13 20:06:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/03/13 20:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/03/13 20:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/03/13 20:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/03/13 20:03:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/03/13 20:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/03/13 20:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/03/12 18:41:57 | 003,866,056 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2011/03/12 18:41:16 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2011/03/12 18:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2011/03/12 18:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rohan Online
[2011/03/09 19:30:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/09 19:30:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/09 19:30:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/09 14:19:49 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 14:19:49 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 14:19:49 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 14:19:49 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/09 14:19:46 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/03/04 22:23:34 | 038,366,069 | ---- | C] (Powered By DoctoR                                           ) -- C:\Users\Exosneer\AppData\Roaming\csrss.exe
[1 C:\Users\Exosneer\AppData\Local\*.tmp files -> C:\Users\Exosneer\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/07 23:42:59 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E19376AD-5766-4711-ACB0-CBDB9C97DAB1}.job
[2011/04/07 23:37:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 23:37:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/07 23:07:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/07 21:54:23 | 000,048,412 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/07 21:53:30 | 111,875,749 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/07 21:53:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/07 17:24:14 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/04/07 17:24:14 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/04/07 17:24:14 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/04/07 17:24:14 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/04/07 17:24:14 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/04/07 17:24:14 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/04/07 07:50:57 | 000,000,260 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/04/07 07:49:23 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/07 07:47:49 | 3152,867,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/06 11:34:59 | 000,649,644 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/04/06 03:00:23 | 000,006,944 | ---- | M] () -- C:\Users\Exosneer\AppData\Local\d3d9caps.dat
[2011/04/04 14:45:30 | 000,002,529 | ---- | M] () -- C:\Users\Exosneer\Desktop\HiJackThis.lnk
[2011/04/04 12:36:01 | 000,048,412 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/04 02:56:12 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/04 02:56:12 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/04 01:03:45 | 000,001,111 | ---- | M] () -- C:\Users\Exosneer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/04/04 00:12:05 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/03/31 03:27:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/30 08:53:46 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/03/30 04:41:33 | 000,487,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/29 11:33:03 | 000,002,291 | ---- | M] () -- C:\Users\Exosneer\Desktop\YouTube - Broadcast Yourself.lnk
[2011/03/15 09:56:03 | 000,139,264 | ---- | M] () -- C:\Users\Exosneer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/11 08:05:04 | 000,073,652 | ---- | M] () -- C:\Users\Exosneer\Documents\Capture1.JPG
[2011/03/11 07:56:19 | 000,478,765 | ---- | M] () -- C:\Users\Exosneer\Documents\.....exe
[2011/03/11 06:48:43 | 000,002,827 | ---- | M] () -- C:\Users\Exosneer\Documents\.....cpp
[1 C:\Users\Exosneer\AppData\Local\*.tmp files -> C:\Users\Exosneer\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/07 21:53:30 | 111,875,749 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/06 11:34:59 | 000,649,644 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/04/04 14:42:31 | 000,002,529 | ---- | C] () -- C:\Users\Exosneer\Desktop\HiJackThis.lnk
[2011/04/04 01:03:45 | 000,001,111 | ---- | C] () -- C:\Users\Exosneer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/03/31 03:27:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/13 20:05:44 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/03/12 18:41:16 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2011/03/11 08:05:01 | 000,073,652 | ---- | C] () -- C:\Users\Exosneer\Documents\Capture1.JPG
[2011/03/11 06:37:21 | 000,478,765 | ---- | C] () -- C:\Users\Exosneer\Documents\.....exe
[2011/03/11 06:37:17 | 000,002,827 | ---- | C] () -- C:\Users\Exosneer\Documents\.....cpp
[2011/03/06 09:49:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/06 09:49:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/05 17:50:24 | 000,125,932 | ---- | C] () -- C:\Windows\System32\5f65a848.exe
[2011/03/05 17:50:13 | 000,063,442 | ---- | C] () -- C:\Windows\System32\ccdevsugyqojl.exe
[2011/03/05 10:10:59 | 000,000,552 | ---- | C] () -- C:\Users\Exosneer\AppData\Local\d3d8caps.dat
[2011/03/04 22:23:36 | 000,083,968 | ---- | C] () -- C:\Users\Exosneer\AppData\Roaming\chrtmp
[2011/02/20 12:23:52 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2011/02/20 12:23:50 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/01/24 06:54:32 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
[2011/01/24 06:54:32 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
[2010/08/17 01:17:42 | 000,000,048 | ---- | C] () -- C:\Users\Exosneer\AppData\Roaming\wklnhst.dat
[2010/07/22 01:36:27 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/06/01 10:36:24 | 000,048,412 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/06/01 10:35:53 | 000,048,412 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/06/01 10:35:47 | 000,006,944 | ---- | C] () -- C:\Users\Exosneer\AppData\Local\d3d9caps.dat
[2010/05/30 19:52:56 | 000,980,804 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2010/05/29 03:40:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/05/26 19:32:39 | 000,139,264 | ---- | C] () -- C:\Users\Exosneer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 08:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/03/03 08:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2010/03/03 08:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/03/03 08:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/03/03 08:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010/03/03 08:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010/03/03 08:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010/03/03 08:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010/03/03 08:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/03/03 08:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010/03/03 08:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2010/03/03 08:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010/03/03 08:00:00 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/15 02:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009/11/15 02:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009/11/15 02:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009/11/15 02:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009/11/15 02:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009/11/15 02:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009/11/15 02:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009/11/15 02:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009/11/15 02:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009/11/15 02:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009/11/15 02:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009/11/15 02:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009/11/15 02:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009/08/12 05:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009/01/11 06:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/04/21 20:36:49 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/02/29 13:21:37 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/10/13 17:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,487,496 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,612,100 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,109,516 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:8643C5BE

< End of report >


Extras.txt -


OTL Extras logfile created on: 4/7/2011 11:42:39 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112.08 Gb Total Space | 34.67 Gb Free Space | 30.93% Space Free | Partition Type: NTFS
Drive E: | 8.00 Gb Total Space | 7.87 Gb Free Space | 98.42% Space Free | Partition Type: NTFS
Drive F: | 9.00 Gb Total Space | 7.72 Gb Free Space | 85.75% Space Free | Partition Type: NTFS
Drive H: | 11.77 Gb Total Space | 1.97 Gb Free Space | 16.74% Space Free | Partition Type: NTFS
 
Computer Name: IAM3AISON | User Name: Exosneer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B519D50-9AF8-4726-AF1A-496F5E0DA355}" = rport=138 | protocol=17 | dir=out | app=system |
"{1DB2E0C9-54EE-4851-B2C5-8F351F9BF819}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1FA0C46B-431F-4D8F-BF6C-EF88EBB2CFA8}" = rport=139 | protocol=6 | dir=out | app=system |
"{223EB186-A993-4AA8-BC73-9A2366884824}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2751AC28-DD95-4C32-A305-6BD7F817F151}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A628667-9934-40D8-A688-C1E45E0EC150}" = lport=138 | protocol=17 | dir=in | app=system |
"{3B28F2E9-9941-4748-8505-44434657F235}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C7CD9E7-CC55-40E7-B5BA-8802A471CD50}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45B3BE9E-D3A6-461B-8374-668566F6AFC3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{483F0B96-54A8-4AB1-8B0A-863C4D14E4D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{4DE6598D-3CF9-46A3-AA1A-B5ECB7BF5E2E}" = lport=49397 | protocol=6 | dir=in | name=akamai netsession interface |
"{52EDB11E-4162-426C-9595-BBF061D79DF2}" = rport=137 | protocol=17 | dir=out | app=system |
"{59DE561C-F8AD-46BF-9736-4EA43DC8F245}" = lport=10243 | protocol=6 | dir=in | app=system |
"{70247A36-28B8-4FF2-B57E-14B2F41EEDC0}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{7A037183-1B11-4A99-B0F3-B0FC2ADBF8E9}" = lport=445 | protocol=6 | dir=in | app=system |
"{7F12BF49-2AC9-4B5C-B322-BC01E8549808}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8757CC71-B67F-49E7-B635-55E25D5D8E01}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B329502-F98F-4E3A-93B2-B756BC946877}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99A72863-0A84-4490-892E-A42B71C48178}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A1778EC5-2917-47E0-8AC7-9DD393809CCB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2C513CC-8FCA-4460-86C4-0984F25C7521}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AA7DDE93-EA07-4776-9260-48BCE30E7711}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BD513099-EFCF-4FC3-97C8-8EB8BF63480B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BDFEB931-28D8-4C31-A0A6-31FC91824638}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD4C5CCE-74E3-452F-A51C-536839DBB303}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3EA23FE-9B20-4238-BF35-4B3B1EA370C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D54EE1D3-BFB0-4C78-935C-C80DDF68FA95}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA0B6C1F-1589-4C64-BE67-CB6BCB28A906}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EC0B3937-5244-49EB-BBD0-F9010F2968F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F176346A-BDED-45AD-9629-F0D72A55F764}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008E1BBB-7D38-4AFD-A254-CFC8276F359B}" = protocol=6 | dir=in | app=c:\program files\level up games\rohan online\loader.exe |
"{0E51C151-AD9A-4005-8C30-6C18D85525C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{113A2A7F-6622-416A-828B-3EA4F9022D67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{141572DC-2E7E-4B07-8EDB-1E0DF5F51363}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{167BE05E-A65C-476A-A01B-C3B1D78BD124}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{16D63093-F38A-4A8A-B8FA-30426E055F1E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{1FFFCF29-3128-4CCC-A649-A313F8BB8051}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2792FE57-C4B0-4A5D-B5F6-EBCD75D8C218}" = protocol=17 | dir=in | app=c:\program files\level up games\rohan online\loader.exe |
"{2EB2F2DC-4929-48B1-9FE9-B4A180C5665B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{3031B68B-5C19-48FF-B8C2-0755BCA2DD77}" = protocol=1 | dir=out | [email protected],-28544 |
"{342D865F-B441-4471-8610-ECE4B762A9E7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{3BD5CE79-4436-4204-921D-1B8E51162E77}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4103DD1A-7F73-4FD5-9994-6F04FFCB65F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{43A914FF-E12D-4833-9B5F-3BFB594C520D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{43E80F16-325B-4115-A26B-EA2D48AD50F1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{47574D4A-E627-4EB4-B344-A1432D6E6336}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{48E20570-C31C-4465-A139-085CB87429BD}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{4B3ACB0C-1D82-4184-838A-1B24C2A6B9FB}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{4BF44380-1B53-421D-93D6-4826C45BF6E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{505D8E7A-4BB1-4FD4-A73E-02A96164BEF3}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{54026AEF-3BB1-4775-B163-D5DF708E407F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55C65A65-CE0E-4F86-A57A-FFA798B8B5D9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{62109F19-846A-4C23-AE55-AE47BC149692}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{63314516-26DA-474E-BA81-689792DE51F5}" = protocol=58 | dir=in | [email protected],-28545 |
"{654E0CEE-A297-4719-8778-E49A092A41E8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6BE19620-455E-4B23-AB36-B902C7854D3C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6DEB019F-3D0F-42A2-A04D-6459AF525119}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7C154DA9-96B9-4480-91C3-8FC2F9E01536}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7D2E206F-5DD3-47B7-94C2-1308DC1CAEF1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{7F1CB12F-250B-4A7F-B2DD-E80F907B1785}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{86B60275-F99A-40BC-9CAB-19A26EB865C5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{87F9BFCA-D9CD-4F5D-8976-C0729455F063}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{89565711-A894-4B98-BD9B-7943C4B3AE2B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{89765B6B-9C8C-44B1-8079-31C6624C7EE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8E1A5937-8C04-4EFE-B4DD-6E63764D0F7A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{8E3F6ADD-7029-47B9-AD20-7E36C6C6D6C5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{960BEEC5-6271-404F-A7FF-27A2F8806A8C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{98396281-3695-4897-8D7D-6779F53A5153}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9872470D-B420-43C3-B412-9518882834F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9DEDAD01-AAA7-456F-BFE6-0D3E15C20ED0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A3D47A80-0FCA-4647-AE3F-7439170EC7F0}" = protocol=58 | dir=out | [email protected],-28546 |
"{A83C42E4-39F6-42CC-9880-EC2EA578638E}" = protocol=6 | dir=out | app=system |
"{A960DB70-B666-4989-B278-5332998DCAEF}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A9AAFC9D-2385-4528-8147-2519D1E2E1D5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{ACC89EF0-97CD-4617-B32A-E4783EA91C23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADD8B9E7-8B06-4705-97E6-73A024F0D0EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B41F856A-BA3F-4743-AE8D-16A669D5D928}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B6CE5052-ADC4-47C4-9E31-4A233878870B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{BEB46097-1BA1-4613-85DD-AA485BD44740}" = protocol=1 | dir=in | [email protected],-28543 |
"{D50C30E8-DC19-433C-905B-566E529386A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D75CB142-0620-4202-A1FB-AE8A96527573}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{DA1E8D0B-A745-4E1F-A97B-696A7654235F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{E4CCE2DA-F3E9-451B-94D1-D915287594F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E59325E3-09C0-49C5-8C9E-BE12215166CE}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E5F9CA90-801A-4DFC-817B-69D3188FC2F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E6070D3E-8265-48CB-883C-BAC9F97840CA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E7459326-B102-454B-A593-E004F7A4C2D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB15CD0A-D009-44CE-8D41-FBCFEB5A258F}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F249BC58-CA2F-4CFE-B38A-A9EEACF534F9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{F2C1C511-AEBF-4BD9-94A6-72EFD9AD0B44}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F87F295F-D795-4C1B-98E2-E0955B847972}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FA68AEC2-F352-4337-AB0D-991D8FB54BD9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FCA38353-88BB-412C-9B5C-A79E1789A6E2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{FDB10722-8DED-4558-87CC-03E530DE19BC}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{FE90D849-ADB0-43A5-B209-98F91DD6942F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{FFC66A39-7A64-43D7-B53F-86F7CD76DAB3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"TCP Query User{0E29077A-5779-4066-8A0C-514E5E34B8DA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{106C3D4A-DD88-4885-9589-55E07E4A19A0}C:\program files\google�
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Windows Vista Explorer crashes after launching a game
« Reply #4 on: April 09, 2011, 12:27:20 PM »
Sorry for the delay, can you do the following please
Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!

Right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Back in Windows
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.    
  • If an update is found, it will download and install the latest version.    
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.    
  • The scan may take some time to finish,so please be patient.    
  • When the scan is complete, click OK, then Show Results to view the results.    
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)    
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.    
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Included with that log from MBAM, can you again do the following
Right click on OTL.exe and choose to "Run as Admin"
Tick both "Lop Check" and "Purity Check"
Leave all other selections alone
Then click on "Run Scan"
When done, post the new log that opens please
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Windows Vista Explorer crashes after launching a game
« Reply #5 on: May 24, 2011, 03:25:59 PM »
As the original poster has not returned, this topic is now locked
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »