help needed take 2 :)



steven
2010-06-02, 02:02
Yesterday I had a trojan attack my computer. I ran Ad-Aware which found the virus and "removed" it. Everything seemed to be back to normal as I ran the scan again and it didn't pick anything up.

However today my computer keeps opening Internet Explorer to various sites but always starting with 'miggo.info'. Also the computer automatically restarted itself this morning and almost exactly 12 hours later at about 9pm.

I have tried to run DDS but when completed it won't give me any logs just instructions on how to post them. Either I am missing something or my computer won't allow me to open the logs for some reason. Teatimer has been disabled etc.

Blade81
2010-06-06, 13:39
Hi,


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy and paste the following contents into the Custom Scan area:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



Download GMER (http://www.gmer.net) by clicking the download exe button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab, uncheck the files option and then click scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

steven
2010-06-07, 23:10
Here are the logs you asked for:

otl:

OTL logfile created on: 07/06/2010 14:34:54 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Steven\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 18.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 8.39 Gb Free Space | 15.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.43 Gb Total Space | 54.06 Gb Free Space | 99.31% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RPC-SK322
Current User Name: Steven
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Steven\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Steven\AppData\Local\Temp\win32.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
PRC - C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Program Files\NetMeter\NetMeter.exe ()
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\Labtec\WebCam10\WebCam10.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe (Labtec Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Steven\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (DUMeterSvc) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (KService) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Labtec Inc.)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (Trusteer Ltd.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Labtec Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Labtec Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Labtec Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.notepad.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://teens.sparkpeople.com/myspark/mysparkstart_teen.asp"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: stickis@activeweave.com:1.1.804
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.1.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/05/23 09:53:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/28 12:31:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/13 12:00:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/13 03:23:03 | 000,000,000 | ---D | M]

[2008/06/17 21:46:22 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions
[2010/06/07 14:24:19 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions
[2010/02/18 13:50:22 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/01/23 14:24:08 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/04/28 08:30:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/02 20:18:08 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/19 15:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010/02/18 13:50:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/07 23:15:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(50)
[2009/06/05 16:29:24 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/04/21 17:12:15 | 000,000,000 | ---D | M] (SkillRaise Tool) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{90ab4b7a-dfc8-420b-a205-eae16593e719}
[2010/01/07 23:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}(51)
[2010/04/16 13:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/04/15 13:42:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/30 04:59:44 | 000,000,000 | ---D | M] (Update Scanner) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}
[2008/04/01 19:11:29 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2010/02/18 13:50:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/05/20 09:53:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/07 23:15:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(52)
[2010/04/11 09:55:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/23 19:08:25 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/05/20 09:53:36 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009/07/26 18:18:08 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\fastdial@telega.phpnet.us
[2010/04/28 08:30:39 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\foxmarks@kei.com
[2010/01/07 23:15:42 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\piclens@cooliris(49).com
[2009/03/26 10:29:19 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\extensions\stickis@activeweave.com
[2009/05/29 20:24:46 | 000,002,399 | ---- | M] () -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\searchplugins\daemon-search.xml
[2008/04/02 19:57:17 | 000,002,386 | ---- | M] () -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\sy7afotj.default\searchplugins\siteadvisor.xml
[2010/05/09 09:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/24 23:26:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/09 09:14:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/03/12 13:04:10 | 000,086,016 | ---- | M] (SpiralFrog Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPSFDMGR.dll
[2010/04/04 15:35:46 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/04 15:35:47 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/04 15:35:47 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/04 15:35:47 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Labtec\WebCam10\WebCam10.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{2F7A26E1-71F7-5DD0-5FDB-70C3506B905A}] C:\Users\Steven\AppData\Roaming\Evwe\iqny.exe (Bekiezolnyesgogixi)
O4 - HKCU..\Run: [{BF32163D-124A-7F01-2FDB-316E6FBA56A1}] C:\Users\Steven\AppData\Roaming\Niibe\cuon.exe ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe File not found
O4 - HKCU..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Users\Steven\AppData\Local\Temp\h3y8tpbc.exe File not found
O4 - HKCU..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\Users\Steven\AppData\Local\Temp\win32.exe ()
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [mcexecwin] C:\Users\Steven\AppData\Local\Temp\vy0t1.DLL ()
O4 - HKCU..\Run: [Reminder] C:\Program Files\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Steven\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steven\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/09/10 22:49:28 | 000,000,084 | RHS- | M] () - E:\AutoRun.inf -- [ NTFS ]
O33 - MountPoints2\{b32da195-477f-11de-9b5c-001e8ce8a7c9}\Shell - "" = AutoRun
O33 - MountPoints2\{b32da195-477f-11de-9b5c-001e8ce8a7c9}\Shell\AutoRun\command - "" = D:\launch.exe -- File not found
O33 - MountPoints2\{b40f5a9a-0010-11dd-a715-0016449f994a}\Shell - "" = AutoRun
O33 - MountPoints2\{b40f5a9a-0010-11dd-a715-0016449f994a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/26 22:31:04 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/06/03 00:29:00 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010/06/03 00:29:00 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010/06/03 00:28:59 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010/06/03 00:28:59 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010/06/03 00:28:59 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010/06/03 00:28:59 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/06/03 00:28:59 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010/06/03 00:28:58 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/06/03 00:28:58 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010/06/03 00:28:58 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/06/03 00:28:58 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010/06/03 00:28:58 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/06/03 00:28:58 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/06/03 00:28:58 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/06/03 00:28:57 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010/06/03 00:28:57 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/06/03 00:28:57 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010/06/03 00:28:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/06/03 00:28:57 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/06/03 00:28:56 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010/06/03 00:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Undisker
[2010/06/02 23:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\RarZilla Free Unrar
[2010/05/31 14:14:20 | 000,099,584 | ---- | C] (eSXi) -- C:\Users\Steven\AppData\Local\syssvc.exe
[2010/05/31 14:04:14 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Local\rricbbexl
[2010/05/31 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\860FACD711112D868F96B9B038C77E89
[2010/05/29 17:28:19 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\KeePass
[2010/05/29 17:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe
[2010/05/25 18:57:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/09 09:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/09 09:14:36 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/09 09:14:36 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/09 09:14:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/09 09:14:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/07 14:38:23 | 004,456,448 | -HS- | M] () -- C:\Users\Steven\ntuser.dat
[2010/06/07 14:35:28 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FF4C2213-E995-4645-8163-15A96450B17C}.job
[2010/06/07 14:23:57 | 000,703,078 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/07 14:23:57 | 000,608,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/07 14:23:57 | 000,109,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/07 14:23:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/07 14:12:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/07 14:12:57 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/07 14:12:56 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/07 14:12:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/07 14:12:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/07 14:12:43 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/05 00:32:09 | 000,524,288 | -HS- | M] () -- C:\Users\Steven\NTUSER.DAT{b171e80b-f2fb-11dd-b4c7-0016449f994a}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 00:32:09 | 000,065,536 | -HS- | M] () -- C:\Users\Steven\NTUSER.DAT{b171e80b-f2fb-11dd-b4c7-0016449f994a}.TM.blf
[2010/06/05 00:31:46 | 006,291,456 | -H-- | M] () -- C:\Users\Steven\AppData\Local\IconCache.db
[2010/06/03 11:16:06 | 000,180,224 | ---- | M] () -- C:\Users\Steven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/03 10:09:13 | 000,005,513 | ---- | M] () -- C:\Users\Steven\images.jpg
[2010/06/02 11:30:27 | 018,499,623 | ---- | M] () -- C:\Users\Steven\Documents\vlc-1.0.5-win32.exe
[2010/06/02 00:53:38 | 000,525,824 | ---- | M] () -- C:\Users\Steven\Desktop\dds(2).scr
[2010/06/01 13:57:50 | 000,010,138 | ---- | M] () -- C:\Users\Steven\paint.png
[2010/05/31 14:14:20 | 000,099,584 | ---- | M] (eSXi) -- C:\Users\Steven\AppData\Local\syssvc.exe
[2010/05/30 00:43:46 | 000,000,087 | ---- | M] () -- C:\Users\Steven\jagex_runescape_preferences2.dat
[2010/05/30 00:42:35 | 000,000,042 | ---- | M] () -- C:\Users\Steven\jagex_runescape_preferences.dat
[2010/05/30 00:41:46 | 000,000,000 | ---- | M] () -- C:\Users\Steven\jagex__preferences3.dat
[2010/05/29 17:28:19 | 000,001,612 | ---- | M] () -- C:\Users\Steven\Documents\Database.kdb
[2010/05/29 17:10:34 | 000,000,815 | ---- | M] () -- C:\Users\Steven\Desktop\KeePass.lnk
[2010/05/25 17:19:34 | 000,467,911 | ---- | M] () -- C:\Users\Steven\Desktop\world cup 2010.xlsx
[2010/05/23 20:33:36 | 000,487,424 | ---- | M] () -- C:\Users\Steven\Documents\OXIDATION OF FATTY ACIDS 1.doc
[2010/05/15 15:25:14 | 000,092,726 | ---- | M] () -- C:\Users\Steven\Documents\untitled.bmp
[2010/05/14 18:20:33 | 000,059,352 | ---- | M] () -- C:\Users\Steven\walter-bishop.jpg
[2010/05/13 13:31:31 | 000,017,617 | ---- | M] () -- C:\Users\Steven\tumblr_kzyygkjJj31qzpwi0o1_400.jpg
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/03 10:09:11 | 000,005,513 | ---- | C] () -- C:\Users\Steven\images.jpg
[2010/06/02 00:53:27 | 000,525,824 | ---- | C] () -- C:\Users\Steven\Desktop\dds(2).scr
[2010/06/01 13:57:47 | 000,010,138 | ---- | C] () -- C:\Users\Steven\paint.png
[2010/05/30 00:41:46 | 000,000,000 | ---- | C] () -- C:\Users\Steven\jagex__preferences3.dat
[2010/05/29 17:18:36 | 000,001,612 | ---- | C] () -- C:\Users\Steven\Documents\Database.kdb
[2010/05/29 17:10:34 | 000,000,815 | ---- | C] () -- C:\Users\Steven\Desktop\KeePass.lnk
[2010/05/25 16:59:23 | 000,467,911 | ---- | C] () -- C:\Users\Steven\Desktop\world cup 2010.xlsx
[2010/05/23 20:33:36 | 000,487,424 | ---- | C] () -- C:\Users\Steven\Documents\OXIDATION OF FATTY ACIDS 1.doc
[2010/05/15 19:32:51 | 018,499,623 | ---- | C] () -- C:\Users\Steven\Documents\vlc-1.0.5-win32.exe
[2010/05/15 15:25:12 | 000,092,726 | ---- | C] () -- C:\Users\Steven\Documents\untitled.bmp
[2010/05/14 18:20:25 | 000,059,352 | ---- | C] () -- C:\Users\Steven\walter-bishop.jpg
[2010/05/13 13:31:24 | 000,017,617 | ---- | C] () -- C:\Users\Steven\tumblr_kzyygkjJj31qzpwi0o1_400.jpg
[2009/12/22 00:18:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/12/22 00:18:52 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/09/05 21:34:25 | 000,028,672 | ---- | C] () -- C:\Windows\System32\MFC_InstDrvDLL.dll
[2009/07/29 21:37:27 | 000,051,370 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/05/23 10:52:27 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/09/21 14:00:06 | 000,000,242 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/09/19 22:55:10 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/05/16 19:02:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/04/02 20:29:30 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/03/23 11:55:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 16:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/08/21 09:21:07 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/08/21 09:21:07 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/08/21 09:21:07 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/08/21 09:21:07 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/08/21 09:21:07 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/08/21 09:21:07 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/08/21 09:14:15 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/08/21 09:02:20 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/08/21 09:02:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/08/21 09:02:20 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/08/21 09:02:20 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/08/21 07:38:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/21 07:38:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/08/21 07:38:10 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/03/06 17:50:30 | 001,669,664 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/12/22 00:12:54 | 000,013,752 | ---- | M] () -- C:\0x0809.ini
[2009/12/22 00:12:55 | 000,028,160 | ---- | M] () -- C:\2057.MST
[2010/06/07 14:12:38 | 000,028,080 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 08:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/08/21 07:23:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/06/07 14:12:43 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/21 13:59:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/21 13:59:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/07 14:12:38 | 2452,070,400 | -HS- | M] () -- C:\pagefile.sys
[2007/08/21 08:59:05 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
[2009/12/22 00:12:57 | 003,686,400 | ---- | M] () -- C:\Samsung New PC Studio USB Driver Installer.msi
[2009/05/29 20:27:56 | 000,005,694 | ---- | M] () -- C:\Sdicon32.ico
[2007/08/21 09:06:21 | 000,000,086 | ---- | M] () -- C:\setup.log
[2007/09/03 12:48:29 | 000,000,229 | -H-- | M] () -- C:\SWSTAMP.TXT

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/19 08:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008/01/19 08:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/19 08:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 08:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/08/21 07:23:09 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/08/21 07:23:07 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/08/21 07:23:09 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/08/21 07:23:19 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/08/21 07:23:21 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/09 16:10:30 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\ModemLogs\ModemLogs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Panther\setup.exe\setup.exe] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Documents\Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Links\Links] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Music\Music] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\LocalService\Videos\Videos] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Documents\Documents] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Links\Links] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Music\Music] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\ServiceProfiles\NetworkService\Videos\Videos] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\~msdt\tools\tools] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\History\Results\Results] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\RtSigs\Data\Data] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\SiteAdvisor\SiteAdvisor] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu106e.tmp\slu106e.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu118.tmp\slu118.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu11bf.tmp\slu11bf.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu13a2.tmp\slu13a2.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu1830.tmp\slu1830.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu18de.tmp\slu18de.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu190d.tmp\slu190d.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu1ab5.tmp\slu1ab5.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu1b7d.tmp\slu1b7d.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu1b9e.tmp\slu1b9e.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu1d02.tmp\slu1d02.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu1f18.tmp\slu1f18.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu1f3a.tmp\slu1f3a.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu24a9.tmp\slu24a9.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu253c.tmp\slu253c.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu2857.tmp\slu2857.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu2c37.tmp\slu2c37.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu2f37.tmp\slu2f37.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu30e0.tmp\slu30e0.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu3294.tmp\slu3294.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu33aa.tmp\slu33aa.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu397b.tmp\slu397b.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu39c2.tmp\slu39c2.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu3b94.tmp\slu3b94.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu3c1f.tmp\slu3c1f.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu3e31.tmp\slu3e31.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu3e35.tmp\slu3e35.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu3e72.tmp\slu3e72.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu3f65.tmp\slu3f65.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu4597.tmp\slu4597.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu49ad.tmp\slu49ad.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu4aa0.tmp\slu4aa0.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu4c19.tmp\slu4c19.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu4c64.tmp\slu4c64.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu4f76.tmp\slu4f76.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu5656.tmp\slu5656.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu56b3.tmp\slu56b3.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu5b9e.tmp\slu5b9e.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu5de5.tmp\slu5de5.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu6195.tmp\slu6195.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu61e0.tmp\slu61e0.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu6278.tmp\slu6278.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu62e.tmp\slu62e.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu661b.tmp\slu661b.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu68ad.tmp\slu68ad.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu6d5a.tmp\slu6d5a.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu715f.tmp\slu715f.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu72f7.tmp\slu72f7.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu7b9e.tmp\slu7b9e.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slu7e81.tmp\slu7e81.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slua6d.tmp\slua6d.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slub1b.tmp\slub1b.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\slue1e.tmp\slue1e.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\Temp\SxsTemp\SxsTemp] -> \Device\__max++>\^ -> Mount Point
[C:\Windows\tracing\tracing] -> \Device\__max++>\^ -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:7FB6A46D
< End of report >

steven
2010-06-07, 23:11
OTL extras:

OTL Extras logfile created on: 07/06/2010 14:34:54 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Steven\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 18.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 8.39 Gb Free Space | 15.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.43 Gb Total Space | 54.06 Gb Free Space | 99.31% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RPC-SK322
Current User Name: Steven
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00271AAE-91ED-4D6C-BDA7-C21D7028E48D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C9E0540C-BB90-45B0-B0A8-A03921ECD802}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B6CFB8-DA18-40B9-B305-4356396B7FB6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{087FD9DD-FBD5-4818-9EBE-4F5E8CC43EF1}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{0C3FC339-294F-4CD5-A893-0F5F0B2FCBAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0CC8B49A-74D8-43B8-8E10-BE165BF1E6D0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{13EB7A53-83EA-4F30-A9F4-ABF493F086CC}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{184B3C70-33D0-471C-9197-98DEF3BB6239}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{1CB9814D-8CB9-43E5-BB5A-A9878825F848}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{1FA3594F-0780-4CE5-A99F-F29CDA3ECF6E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20215EF3-9055-44F3-8E13-F7810562488E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{24B54436-FCD7-40C5-B66F-1B01F5F26280}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{2A172F69-DA0D-4C4D-8D36-45AEF2E253FE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{2B1C30BA-D3A9-4DB9-9FF0-6BB42B6C276C}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{30F26AB3-E91B-4685-B7B9-3D72DD23A86B}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{37A555F2-6107-424F-9560-5E24561A4C76}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{42E92377-AEFB-49E2-9AE5-F9AEDA9C3B05}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{4751EDB5-4CE4-4C7E-86CA-7C527B219609}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{4A1E691A-9B2D-47C9-BD57-B0DACDC32C52}" = protocol=17 | dir=in | app=c:\freewire\freewire television\freewire television.exe |
"{549B7D6A-78DC-492C-A243-8AB2FAE10748}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6F4A2DD3-E8D4-4052-9B1A-7EF17BC87498}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76318658-0B76-4F06-A774-5D5475B104BB}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{7F1FB2EF-55FB-4E1A-9FF9-B04BAB8F514E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{849CB852-5AD3-48B3-B21F-6F59D9BB2B4F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8D15F83A-082B-4CF2-80C3-7B745F31432F}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{9D458BC2-01DA-4323-ADFF-CEF890FA852D}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{9F41456D-EA00-42AB-A1B8-DE67F9601788}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{A20C67C0-6A5F-48E6-ACED-F2325CA63664}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A370968D-C907-4A30-B974-706EA0ADFF58}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A6D577AD-767C-426B-A904-8ADF85E6E8C0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A966CDEC-6782-4F15-88E0-806F3B73A8ED}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{AEEAA851-795E-417D-9766-12C5D8AD7787}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B6F0A614-653C-4918-B0AB-B84DCFC603C0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{BFBA967A-041B-47A9-BB2C-304D04C2A013}" = protocol=6 | dir=in | app=c:\freewire\freewire television\freewire television.exe |
"{C680D984-184D-456D-9812-57C920C6EFCE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CAD49438-9503-473F-A70E-AAF44A17DED5}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{D0303DDC-1DFC-4E2C-A16E-700680D26605}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{DC33001A-7AD6-4DF7-9C10-C959A37EA2BA}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{E2DA82E3-9618-40AD-9EC4-763C53F18167}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{E2F0A0DE-820A-46A5-A51A-A2DFFA8BB61F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EC1CB6A2-7927-4DD6-B07B-EFCD4B97FF79}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{F5A0AEE2-0555-4930-B769-48752DD068E9}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
"{F895FD82-E8BD-4B35-978A-D902613C52BC}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FDB967C1-4E54-49DE-B11A-77585DF4F820}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"TCP Query User{0ECFE218-6F11-448F-AE05-E597275197F4}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{17B1C778-3D36-43E4-9000-AD292EAEA83B}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{17B31CED-0DF7-468C-82A4-7442F38C9876}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{211BCA56-2954-4F50-A2EF-3FAAB6888FAA}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{298F7757-ADA1-42D7-9275-7B8BB297C33D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{4B95B793-300B-4CAB-B284-BD493D5680BB}C:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"TCP Query User{509B8C8B-C19D-4550-8DEF-D8F55E138E5D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{50D752AB-0C33-4801-BB3C-78646B5023AC}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{5C3EDEE9-C1A8-4F4D-ADDA-3588E3C73C7D}C:\program files\live-player\live-player.exe" = protocol=6 | dir=in | app=c:\program files\live-player\live-player.exe |
"TCP Query User{610871CC-37EF-44CF-BD1A-D77CB3885ADF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6F33DB65-82D2-458D-A67B-94E7E0DFE7E0}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe |
"TCP Query User{76ABB9B9-1EA3-4045-BF2C-5E604AF3C20F}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{7BF805D7-7D5B-457A-AEE3-A28D3ACE60A4}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{A7E7F447-A836-46FD-9CF8-B06CABE7BAB6}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{AE592BEB-8653-48D8-9934-DF24BB8CAF08}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{B73554A8-A6BB-4F4C-8BD2-2CCB0E86B4E0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B9067E1B-5081-433A-8C58-9DA6D8E5B0DA}C:\users\steven\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\steven\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"TCP Query User{C10D0BBC-DF56-4F75-B7F0-F54222AC9B98}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E23FC36C-EAEA-448E-95D8-3B4A7DC42327}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{F3455168-F2DE-4817-BC51-BED9700CE1F9}C:\program files\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"TCP Query User{F878C21B-0EE0-42CB-AF6B-4591C789D06D}C:\program files\spring\springlobby.exe" = protocol=6 | dir=in | app=c:\program files\spring\springlobby.exe |
"TCP Query User{FE7B18FC-E71A-4D46-87F0-2228558A0880}C:\program files\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"UDP Query User{05D72E3E-975F-4260-B996-F597FC81DA21}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{10A65DA3-A3D7-41BB-90F0-C168BD461636}C:\program files\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"UDP Query User{13D0033D-57EC-4DB3-9F81-AD3F18B51CC3}C:\users\steven\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\steven\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"UDP Query User{2AC3C10B-3C4C-48C8-B8C6-80A78195A921}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{33C14100-746F-4D44-83E5-30C780F59399}C:\program files\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"UDP Query User{4089D28B-ACFF-4EE6-8EC9-C851AD7016FB}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{467539D3-E175-4372-9D69-726C5D483381}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{6682F202-7837-43F7-B21B-2F1005F3B41E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{68BD9183-0EA5-4017-A877-BC076C6D28B5}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe |
"UDP Query User{6D173061-5827-4356-853F-2804B14B75E3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6ED996F1-758A-483B-8A86-5D25EFCA659B}C:\program files\spring\springlobby.exe" = protocol=17 | dir=in | app=c:\program files\spring\springlobby.exe |
"UDP Query User{7B1DC47E-BF61-43AB-B553-5278B4854249}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{7F552B46-B44A-4F8C-B6C0-4B1F1E6757C5}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{83F985A2-1660-4E2E-9D4C-5935F1D1CA90}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{87C83EF8-1619-4355-ABE2-014EC1709631}C:\program files\live-player\live-player.exe" = protocol=17 | dir=in | app=c:\program files\live-player\live-player.exe |
"UDP Query User{9B7AC60C-A1F4-40C1-9319-E94E83AA9030}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{B4BE4C86-FF09-4ACC-90BB-052584A73A13}C:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"UDP Query User{B6346A53-6C1B-4979-B305-8F8113129000}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{B6F2BB29-B177-4345-9290-B43A18D215CC}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{CD62EB6F-56C5-4486-914E-A940405543A5}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{DA35CDF5-DF7C-4278-B571-2EEA67AC6934}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{F2F58035-B714-4CF9-87A8-DDBA94E9A17F}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13BD39FC-F703-47B0-B13C-09F0F800A73E}_is1" = FIFA 10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1597D0AE-34A7-4A8B-A395-2E30EB745470}" = Nokia Connectivity Cable Driver
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29A41D4C-4843-121B-967E-E6598ED10D90}" = Quick Hit - Football
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{48DEAAF2-8276-4BBD-B7B6-91E454938476}" = CambridgeSoft ChemDraw Ultra 12.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E8FD73A-B055-4A62-9C37-FF36D2186328}" = AVEO USB2.0 PC Camera(S5HVTV1P20821)
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}" = DSA Theory Test
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116675410}" = WorldCup Cricket 20-20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}" = Labtec WebCam
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AFB86EE-BA11-4252-8215-4F7D327F1E30}" = Freewire Telephone
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BECEF2E4-0B0B-461A-AE80-CC569F028303}" = Symyx Draw
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"CUZ4_is1" = CAM UnZip 4.42
"DirectVobSub" = DirectVobSub (remove only)
"Football Manager 2009" = Football Manager 2009
"Football Manager 2010" = Football Manager 2010
"Gham" = Gham 1.0.7
"HattrickManager" = Hattrick Manager
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{79D1BA4A-BEB4-4357-A431-C3EF58E72E6C}" = DSA Theory Test
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KeePass Password Safe_is1" = KeePass Password Safe 1.17
"LastFM_is1" = Last.fm 1.5.2.38918
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSMONEYV60" = Microsoft Money 98
"myphotobook" = myphotobook 3.1
"NetMeter_is1" = NetMeter 1.1.3
"Network Play System (Patching)" = Network Play System (Patching)
"PFPortChecker" = PFPortChecker 1.0.28
"Prison Tycoon 2" = Prison Tycoon 2
"QcDrv" = Labtec® Camera Driver
"quickhit.football.QHFootball.4D5206CA741FBF5FD6AAD1A97F5076E917382B34.1" = Quick Hit - Football
"Rapport_msi" = Rapport
"RarZilla Free Unrar" = RarZilla Free Unrar
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SecondLife" = SecondLife (remove only)
"Shop for HP Supplies" = Shop for HP Supplies
"SopCast" = SopCast 3.0.3
"Spotify" = Spotify
"Spring" = Spring 0.80.4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Sims" = The Sims
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TV Player" = Veetle TV Player 0.9.11
"uTorrent" = µTorrent
"Veetle TV Player" = Veetle TV Player 0.9.11
"VLC media player" = VLC media player 0.9.8a
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/01/2010 11:13:05 | Computer Name = RPC-sk322 | Source = Google Update | ID = 20
Description =

Error - 08/01/2010 06:52:43 | Computer Name = RPC-sk322 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 09/01/2010 18:15:44 | Computer Name = RPC-sk322 | Source = Application Error | ID = 1000
Description = Faulting application SynTPEnh.exe, version 10.0.3.0, time stamp 0x467c7fdc,
faulting module SynTPEnh.exe, version 10.0.3.0, time stamp 0x467c7fdc, exception
code 0xc0000409, fault offset 0x000233b3, process id 0x514, application start time
0x01ca905082dbdb7d.

Error - 10/01/2010 19:01:52 | Computer Name = RPC-sk322 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3623, time stamp 0x4b16a46c,
faulting module js3250.dll, version 4.0.0.0, time stamp 0x4b16a509, exception code
0xc0000005, fault offset 0x00047654, process id 0x192c, application start time 0x01ca92433db01b00.

Error - 14/01/2010 04:33:54 | Computer Name = RPC-sk322 | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x3030302e, process id 0xea0, application start time 0x01ca94f445cbce20.

Error - 14/01/2010 16:56:32 | Computer Name = RPC-sk322 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/01/2010 09:46:03 | Computer Name = RPC-sk322 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22/01/2010 23:20:24 | Computer Name = RPC-sk322 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 28/01/2010 08:11:18 | Computer Name = RPC-sk322 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 28/01/2010 08:11:26 | Computer Name = RPC-sk322 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 04/06/2010 18:50:13 | Computer Name = RPC-sk322 | Source = Service Control Manager | ID = 7000
Description =

Error - 04/06/2010 18:50:13 | Computer Name = RPC-sk322 | Source = Service Control Manager | ID = 7000
Description =

Error - 04/06/2010 18:50:13 | Computer Name = RPC-sk322 | Source = Service Control Manager | ID = 7000
Description =

Error - 04/06/2010 18:50:13 | Computer Name = RPC-sk322 | Source = Service Control Manager | ID = 7000
Description =

Error - 04/06/2010 19:31:50 | Computer Name = RPC-sk322 | Source = DCOM | ID = 10010
Description =

Error - 07/06/2010 09:12:54 | Computer Name = RPC-sk322 | Source = HTTP | ID = 15016
Description =

Error - 07/06/2010 09:13:14 | Computer Name = RPC-sk322 | Source = Service Control Manager | ID = 7000
Description =

Error - 07/06/2010 09:13:14 | Computer Name = RPC-sk322 | Source = Service Control Manager | ID = 7000
Description =

Error - 07/06/2010 09:13:14 | Computer Name = RPC-sk322 | Source = Service Control Manager | ID = 7000
Description =

Error - 07/06/2010 09:13:14 | Computer Name = RPC-sk322 | Source = Service Control Manager | ID = 7000
Description =


< End of report >

I tried to run the other scan but it completely jammed up my computer, so I had to restart twice and therefore couldn't get a full report, so I gave up.

Hope the other reports are enough.

Blade81
2010-06-08, 12:07
Hi,

Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Double-click on it to run a scan. When it's finished (give it 15 minutes to make sure the whole log writing process is complete), there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

steven
2010-06-08, 15:28
Running from: C:\Users\Steven\Downloads\Win32kDiag.exe

Log file at : C:\Users\Steven\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2010-06-07 22:05:39 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2010-06-07 14:12:42 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2010-06-07 22:05:31 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2010-06-07 22:05:31 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2010-06-07 22:06:34 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()



Found mount point : C:\Windows\Temp\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\History\Results\Results

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\RtSigs\Data\Data

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\SiteAdvisor\SiteAdvisor

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu106e.tmp\slu106e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu118.tmp\slu118.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu11bf.tmp\slu11bf.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu13a2.tmp\slu13a2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1830.tmp\slu1830.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu18de.tmp\slu18de.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu190d.tmp\slu190d.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1ab5.tmp\slu1ab5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1b7d.tmp\slu1b7d.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1b9e.tmp\slu1b9e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1d02.tmp\slu1d02.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1f18.tmp\slu1f18.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1f3a.tmp\slu1f3a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu24a9.tmp\slu24a9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu253c.tmp\slu253c.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu2857.tmp\slu2857.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu2c37.tmp\slu2c37.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu2f37.tmp\slu2f37.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu30e0.tmp\slu30e0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3294.tmp\slu3294.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu33aa.tmp\slu33aa.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu397b.tmp\slu397b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu39c2.tmp\slu39c2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3b94.tmp\slu3b94.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3c1f.tmp\slu3c1f.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3e31.tmp\slu3e31.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3e35.tmp\slu3e35.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3e72.tmp\slu3e72.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3f65.tmp\slu3f65.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu4597.tmp\slu4597.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu49ad.tmp\slu49ad.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu4aa0.tmp\slu4aa0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu4c19.tmp\slu4c19.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu4c64.tmp\slu4c64.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu4f76.tmp\slu4f76.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu5656.tmp\slu5656.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu56b3.tmp\slu56b3.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu5b9e.tmp\slu5b9e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu5de5.tmp\slu5de5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu6195.tmp\slu6195.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu61e0.tmp\slu61e0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu6278.tmp\slu6278.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu62e.tmp\slu62e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu661b.tmp\slu661b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu68ad.tmp\slu68ad.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu6d5a.tmp\slu6d5a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu715f.tmp\slu715f.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu72f7.tmp\slu72f7.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu7b9e.tmp\slu7b9e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu7e81.tmp\slu7e81.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slua6d.tmp\slua6d.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slub1b.tmp\slub1b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slue1e.tmp\slue1e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\SxsTemp\SxsTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\~msdt\tools\tools

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^



Finished!

Blade81
2010-06-08, 15:54
Hi,

Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

See if you're able to run DDS after that.

steven
2010-06-08, 16:37
Running from: C:\Users\Steven\Downloads\Win32kDiag.exe

Log file at : C:\Users\Steven\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2010-06-07 22:05:39 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2010-06-07 14:12:42 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2010-06-07 22:05:31 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2010-06-07 22:05:31 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2010-06-07 22:06:34 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()



Found mount point : C:\Windows\Temp\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\History\Results\Results

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\RtSigs\Data\Data

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\SiteAdvisor\SiteAdvisor

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu106e.tmp\slu106e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu118.tmp\slu118.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu11bf.tmp\slu11bf.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu13a2.tmp\slu13a2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1830.tmp\slu1830.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu18de.tmp\slu18de.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu190d.tmp\slu190d.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1ab5.tmp\slu1ab5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1b7d.tmp\slu1b7d.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1b9e.tmp\slu1b9e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1d02.tmp\slu1d02.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1f18.tmp\slu1f18.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu1f3a.tmp\slu1f3a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu24a9.tmp\slu24a9.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu253c.tmp\slu253c.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu2857.tmp\slu2857.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu2c37.tmp\slu2c37.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu2f37.tmp\slu2f37.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu30e0.tmp\slu30e0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3294.tmp\slu3294.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu33aa.tmp\slu33aa.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu397b.tmp\slu397b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu39c2.tmp\slu39c2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3b94.tmp\slu3b94.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3c1f.tmp\slu3c1f.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3e31.tmp\slu3e31.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3e35.tmp\slu3e35.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3e72.tmp\slu3e72.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu3f65.tmp\slu3f65.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu4597.tmp\slu4597.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu49ad.tmp\slu49ad.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu4aa0.tmp\slu4aa0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu4c19.tmp\slu4c19.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu4c64.tmp\slu4c64.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu4f76.tmp\slu4f76.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu5656.tmp\slu5656.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu56b3.tmp\slu56b3.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu5b9e.tmp\slu5b9e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu5de5.tmp\slu5de5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu6195.tmp\slu6195.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu61e0.tmp\slu61e0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu6278.tmp\slu6278.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu62e.tmp\slu62e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu661b.tmp\slu661b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu68ad.tmp\slu68ad.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu6d5a.tmp\slu6d5a.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu715f.tmp\slu715f.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu72f7.tmp\slu72f7.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu7b9e.tmp\slu7b9e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slu7e81.tmp\slu7e81.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slua6d.tmp\slua6d.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slub1b.tmp\slub1b.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\slue1e.tmp\slue1e.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\SxsTemp\SxsTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\~msdt\tools\tools

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^



Finished!

Blade81
2010-06-08, 16:45
Hi,

You either posted the same log again or didn't run the tool as instructed in my previous post.

steven
2010-06-08, 21:45
Running from: C:\Users\Steven\Desktop\win32kdiag.exe

Log file at : C:\Users\Steven\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Tried DDS but again didn't work.

Blade81
2010-06-08, 21:49
That still looks like you didn't run it correctly.

Make sure the win32kdiag.exe file is on your desktop.

Click Start->Run, type cmd.exe, and then type the following command into the command prompt box:
"%userprofile%\desktop\win32kdiag.exe" -f -r

Note: Don't forget those parameters in the command!

tashi
2010-06-14, 16:54
steven, this thread has been archived due to inactivity.

As it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, your topic will not be re-opened. If you still require help, please start a new topic and include a DDS log with a link to your previous thread.

Please do not add any logs that might have been requested previously; you would be starting fresh.

Applies only to the original poster; anyone else with similar problems, please start your own topic.
---------------------------------
Edit
http://forums.spybot.info/showthread.php?t=58174
Edit
New topic closed due to inactivity.