Some services on my Windows Vista is unable to start properly



#16
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,
They're both checking the MBR, but no it's not the same. aswMBR failed as you said, so it's safer to get the MBR offline, without any interventions.
That was what you meant?
  • 0


#17
SiLveR001

    Member

  • Topic Starter
  • 46 posts
oh i see :)

so is this MBR Fix something that i can see immediately if i'm on the reatogo desktop already, is that correct?
  • 0

#18
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts

Double-click on the MbrFix

Yes, it's a program located on your Desktop, named MbrFix. You'll find it easily
If there is any problem, tell me :)
  • 0

#19
SiLveR001

    Member

  • Topic Starter
  • 46 posts
hi there :unsure:

thanks for the info
i think i got the file now
can u verify if this is the correct file :)

http://www.mediafire...8mvtia32009yra1

note: i couldn't attach the file in the uploader so i hope mediafire would do okay
  • 0

#20
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Ok it seems that you're clean on that part so let's continue


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Services

    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-

    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    [-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"=-

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

    :Files
    c:\program files\ConduitEngine
    c:\program files\uTorrentBar

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    C:\Desktop\*.* /s

  • Click the Quick Scan button. Post the log it produces in your next reply.



Next:
Create a folder on your desktop. Label that folder avz4. Download avz4.exe from HERE and save it in the avz4 folder. ( A zipped file is available here)
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again


  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with malware removal mode enabled" check box.
  • Click on "Execute selected scripts".
  • Automatic scanning, healing and system check will be executed.
  • A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
  • It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
  • All applications will work properly after the system restart.

When restarted

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box.
  • Click on the "Execute selected scripts".
  • A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

Attach both virusinfo_syscure.zip and virusinfo_syscheck.zip to your next post

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#21
SiLveR001

    Member

  • Topic Starter
  • 46 posts
hi there :unsure:

thanks for replying

i just got the files needed and imma post em now

i just attached the link of the OTL since when i try to post the log here in text, the browser freezes and im unable to post the reply :)

http://www.mediafire...5qens3cig5i5dii


  • 0

#22
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,
Sorry for the late reply.
It seems that your computer is starting to seem clean.

I recommend that you uninstall iWin Games. I've seen that you may get infections from programs downloaded from there. Tell me if you're going to uninstall it



Next:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    [2011/05/29 16:28:33 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/05/29 16:28:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
    O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O2 - BHO: (no name) - {A1056498-D09A-41E4-864B-505EDD640D9E} - No CLSID value found.
    O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    [2010/05/04 09:51:02 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\PlayFirst

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Next:
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Next:
Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.



Next:
Do you know what the folder C:\Desktop is? I can see some cracks inside it, that may be infected, but also some other strange files.

After all these, tell me if your computer still has these problems and how it's running
  • 0

#23
SiLveR001

    Member

  • Topic Starter
  • 46 posts
hi there :)
thanks for replying and sorry for replying late
i had some problems with the procedure so i tried to work it out
but for some reasons the OTL is being treated as a threat by avast
so i turn it off and run the fix but after that as i rebooted it has been removed from the desktop so i dont have the log for that
but other than that i was able to get the other two, here they are

mbam log:


Malwarebytes' Anti-Malware 1.36
Database version: 2132
Windows 6.0.6001 Service Pack 1

5/15/2009 9:44:39 AM
mbam-log-2009-05-15 (09-44-39).txt

Scan type: Quick Scan
Objects scanned: 84049
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


and here is the log for kaspersky


Autoscan: completed 2 minutes ago (events: 47, objects: 1239762, time: 05:26:15)
6/4/2011 8:34:28 PM Task started
6/4/2011 8:55:47 PM Detected: Trojan.Win32.VB.ajtm C:\Users\† JeFFreY †\Documents\My Completed Downloads\blackrain.rar/OMFGZ MultiDll Injector.exe
6/4/2011 9:12:20 PM Deleted: Trojan.Win32.VB.ajtm C:\Users\† JeFFreY †\Documents\My Completed Downloads\blackrain.rar
6/4/2011 9:30:20 PM Detected: Trojan.Win32.Buzus.hhhz C:\Desktop\Game\6114\DeathToB_6114.exe
6/4/2011 9:30:23 PM Detected: Worm.Win32.AutoRun.bsul C:\Desktop\Game\Audition\AuAgent3.55_passed_hs\UserMgr.exe/UPX
6/4/2011 9:30:25 PM Detected: Worm.Win32.AutoRun.bsul C:\Desktop\Game\Audition\AuAgent3.55_passed_hs.rar/UserMgr.exe/UPX
6/4/2011 9:30:26 PM Detected: Trojan-Spy.Win32.Brazban.bb C:\Desktop\Game\Audition\PerfectHack.rar/Perfecthack.exe/setup.zip/1
6/4/2011 9:31:06 PM Detected: Trojan.Win32.VB.ajtm C:\Desktop\Game\Audition\Backups\OMFGZ MultiDll Injector.rar/OMFGZ MultiDll Injector.exe
6/4/2011 9:36:10 PM Deleted: Trojan.Win32.Buzus.hhhz C:\Desktop\Game\6114\DeathToB_6114.exe
6/4/2011 9:36:10 PM Deleted: Trojan.Win32.VB.ajtm C:\Desktop\Game\Audition\Backups\OMFGZ MultiDll Injector.rar
6/4/2011 9:36:10 PM Deleted: Worm.Win32.AutoRun.bsul C:\Desktop\Game\Audition\AuAgent3.55_passed_hs\UserMgr.exe
6/4/2011 9:36:10 PM Detected: Trojan-Spy.Win32.Ardamax.iew C:\Desktop\Game\Audition\Backups\X-Dance.rar/X-Dances.exe
6/4/2011 9:36:11 PM Deleted: Trojan-Spy.Win32.Brazban.bb C:\Desktop\Game\Audition\PerfectHack.rar
6/4/2011 9:36:19 PM Deleted: Worm.Win32.AutoRun.bsul C:\Desktop\Game\Audition\AuAgent3.55_passed_hs.rar
6/4/2011 9:36:19 PM Deleted: Trojan-Spy.Win32.Ardamax.iew C:\Desktop\Game\Audition\Backups\X-Dance.rar
6/4/2011 9:36:20 PM Detected: Trojan-Spy.Win32.KeyLogger.lvo C:\Desktop\Game\Audition\Backups\AuditionSea Hack Pack 6054\AuditionAgent\nProtect.dll
6/4/2011 9:36:23 PM Detected: Backdoor.Win32.Agent.arpu C:\Desktop\Game\Audition\Backups\AuditionSea Hack Pack 6054\AuditionAgent\AuditionDLL\PerScano.dll
6/4/2011 9:36:23 PM Deleted: Trojan-Spy.Win32.KeyLogger.lvo C:\Desktop\Game\Audition\Backups\AuditionSea Hack Pack 6054\AuditionAgent\nProtect.dll
6/4/2011 9:36:26 PM Deleted: Backdoor.Win32.Agent.arpu C:\Desktop\Game\Audition\Backups\AuditionSea Hack Pack 6054\AuditionAgent\AuditionDLL\PerScano.dll
6/4/2011 9:36:51 PM Detected: Backdoor.Win32.Agent.arpu C:\Desktop\Game\Audition\Backups\AuditionSea Hack Pack 6054.rar/AuditionAgent/AuditionDLL/PerScano.dll
6/4/2011 9:36:57 PM Detected: Trojan-Spy.Win32.Ardamax.iew C:\Desktop\Game\Audition\Backups\X-Dance\X-Dances.exe
6/4/2011 9:37:01 PM Detected: HEUR:Trojan.Win32.Generic C:\Desktop\Game\Audition\Backups\Romeo Hot Dance 1.2(Still Working)\RomeoHotDance.exe/ASPack/data0000.res
6/4/2011 9:37:12 PM Detected: HEUR:Trojan.Win32.Generic C:\Desktop\Game\Audition\Backups\Romeo Hot Dance 1.2(Still Working).rar/RomeoHotDance.exe/ASPack/data0000.res
6/4/2011 9:37:25 PM Detected: Trojan-Spy.Win32.Brazban.bb C:\Desktop\Game\Audition\rPE\PerfectHack\Perfecthack.exe/setup.zip/1
6/4/2011 9:38:12 PM Detected: HEUR:Trojan.Win32.Generic C:\Desktop\Game\Audition\Backups\Romeo Hot Dance 1.2(Still Working)\RomeoHotDance.exe/ASPack
6/4/2011 9:38:12 PM Deleted: HEUR:Trojan.Win32.Generic C:\Desktop\Game\Audition\Backups\Romeo Hot Dance 1.2(Still Working)\RomeoHotDance.exe
6/4/2011 9:38:13 PM Deleted: Trojan-Spy.Win32.Brazban.bb C:\Desktop\Game\Audition\rPE\PerfectHack\Perfecthack.exe
6/4/2011 9:38:14 PM Deleted: Trojan-Spy.Win32.Ardamax.iew C:\Desktop\Game\Audition\Backups\X-Dance\X-Dances.exe
6/4/2011 9:38:17 PM Detected: HEUR:Trojan.Win32.Generic C:\Desktop\Game\Audition\Backups\Romeo Hot Dance 1.2(Still Working).rar/RomeoHotDance.exe/ASPack
6/4/2011 9:38:18 PM Deleted: HEUR:Trojan.Win32.Generic C:\Desktop\Game\Audition\Backups\Romeo Hot Dance 1.2(Still Working).rar
6/4/2011 9:38:29 PM Detected: Trojan-Spy.Win32.KeyLogger.lvo C:\Desktop\Game\Audition\Backups\AuditionSea Hack Pack 6054.rar/AuditionAgent/nProtect.dll
6/4/2011 9:38:30 PM Deleted: Trojan-Spy.Win32.KeyLogger.lvo C:\Desktop\Game\Audition\Backups\AuditionSea Hack Pack 6054.rar
6/4/2011 9:56:57 PM Detected: Trojan.Win32.VB.ajtm C:\Documents and Settings\Public\OMFGZ MultiDll Injector\OMFGZ MultiDll Injector.exe
6/4/2011 10:00:37 PM Detected: Worm.Win32.AutoRun.bsul C:\Documents and Settings\† JeFFreY †\AppData\Local\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\AuAgent3.55_passed_hs.rar/UserMgr.exe/UPX
6/4/2011 10:01:26 PM Deleted: Trojan.Win32.VB.ajtm C:\Documents and Settings\Public\OMFGZ MultiDll Injector\OMFGZ MultiDll Injector.exe
6/4/2011 10:01:53 PM Deleted: Worm.Win32.AutoRun.bsul C:\Documents and Settings\† JeFFreY †\AppData\Local\Microsoft\Messenger\[email protected]\Sharing Folders\[email protected]\AuAgent3.55_passed_hs.rar
6/4/2011 10:38:44 PM Detected: Trojan.Win32.Buzus.hhhz C:\Documents and Settings\† JeFFreY †\Downloads\6114.rar/DeathToB_6114.exe
6/4/2011 10:40:35 PM Deleted: Trojan.Win32.Buzus.hhhz C:\Documents and Settings\† JeFFreY †\Downloads\6114.rar
6/4/2011 10:41:15 PM Detected: Trojan-Downloader.Win32.Agent.gjzw C:\Documents and Settings\† JeFFreY †\Downloads\DAA_Setup001c.exe/nProtect.dll/data0000.res
6/4/2011 10:41:27 PM Detected: Trojan-Downloader.Win32.Agent.gjzw C:\Documents and Settings\† JeFFreY †\Downloads\DAA_Setup001c.exe/nProtect.dll/#
6/4/2011 10:41:29 PM Deleted: Trojan-Downloader.Win32.Agent.gjzw C:\Documents and Settings\† JeFFreY †\Downloads\DAA_Setup001c.exe
6/4/2011 10:47:47 PM Detected: Trojan-Dropper.Win32.Agent.cvhy C:\Documents and Settings\† JeFFreY †\Downloads\installers\Alawar Games - Farm Frenzy 3 + Adnan_Boy 2008 + Fixed\Farm Frenzy 3.exe/FarmFrenzy3.exe
6/4/2011 10:49:38 PM Deleted: Trojan-Dropper.Win32.Agent.cvhy C:\Documents and Settings\† JeFFreY †\Downloads\installers\Alawar Games - Farm Frenzy 3 + Adnan_Boy 2008 + Fixed\Farm Frenzy 3.exe
6/4/2011 11:17:55 PM Detected: Trojan-Downloader.Win32.Agent.gjzw C:\Program Files\DeathToB\Audition Agent\DeathToB\Audition Agent\nProtect.dll/data0000.res
6/4/2011 11:19:25 PM Detected: Trojan-Downloader.Win32.Agent.gjzw C:\Program Files\DeathToB\Audition Agent\DeathToB\Audition Agent\nProtect.dll/#
6/4/2011 11:19:25 PM Deleted: Trojan-Downloader.Win32.Agent.gjzw C:\Program Files\DeathToB\Audition Agent\DeathToB\Audition Agent\nProtect.dll
6/5/2011 2:00:44 AM Task completed


and also i have uninstalled the iwin games

and then the C:\Desktop is the folder for the files got piled up on my desktop and i decided to set it aside in the c since i think that could be one of the problem why my startup is so slow since my desktop was overloaded with files so i decided to organize them later on,

and may i ask what are those strange files so i could help you verify it

another is that i noticed before that my C has a lot of strange folders with numbers and letters which i didn't create, is this somewhat related to it?
should i remove it?
  • 0

#24
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

It seems that there are many malicious files in the folder Desktop in C:
I'd advise you to get what you really want from there and delete the folder. I'm going to delete C:\Desktop\Game as it seems that there are many nasty infections there, but you still have to delete that folder as there are many files I see that weren't detected, but can be dangerous for your computer.

The strange files I'm talking about are the ones in C:\Desktop\Game, most of which are apparently malicious, a big amount of cracked programs in C:\Desktop again, and many other strangely named files.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2010/09/27 23:36:24 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
    FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2011/02/24 23:57:02 | 000,000,000 | ---D | M]


    :Services

    :Reg

    :Files
    C:\Desktop\Game
    C:\Documents and Settings\Public\OMFGZ MultiDll Injector
    C:\Program Files\DeathToB

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


The strangely named folders in C:\ are not bad, they're part of tools we use, and we'll delete them at the end.
Can you tell me if the problems still exist on your computer?
  • 0
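
Added example, not part of the original thread and not code from the helper or from Kaspersky: a Python script that reads a report in the layout posted in #23, lists files that were detected but never followed by a Deleted event, and counts detections per folder, the view that motivates the folder cleanup in #24. The report lines are constructed, and treating "/" as the separator between the file on disk and its inner archive or packer layers is an assumption drawn from that log.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report posted in #23:
# "<date> <time> AM|PM <Detected|Deleted>: <verdict> <object path>"
SAMPLE_REPORT = r"""
6/4/2011 8:34:28 PM Task started
6/4/2011 8:55:47 PM Detected: Trojan.Win32.Example.a C:\Users\demo\Downloads\pack.rar/tool.exe
6/4/2011 9:12:20 PM Deleted: Trojan.Win32.Example.a C:\Users\demo\Downloads\pack.rar
6/4/2011 9:30:23 PM Detected: Worm.Win32.Example.b C:\Desktop\Game\agent\UserMgr.exe/UPX
6/4/2011 9:30:25 PM Detected: Worm.Win32.Example.b C:\Desktop\Game\agent.rar/UserMgr.exe/UPX
6/4/2011 9:36:10 PM Deleted: Worm.Win32.Example.b C:\Desktop\Game\agent\UserMgr.exe
6/4/2011 9:37:01 PM Detected: HEUR:Trojan.Win32.Generic C:\Desktop\Game\My Hack 1.2\run.exe/ASPack/data0000.res
6/5/2011 2:00:44 AM Task completed
"""

# Verdict names contain no spaces; object paths may.
EVENT_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(Detected|Deleted): (\S+) (.+)$"
)


def on_disk_file(obj):
    """Reduce 'C:\\dir\\a.rar/inner.exe/UPX' to the file that exists on disk.

    Assumption: "/" cannot occur in a Windows file name, so everything after
    the first "/" names a member of an archive or a packer layer.
    """
    return obj.split("/", 1)[0]


def parse_events(report):
    """Return (timestamp, action, verdict, file_on_disk) for each event line."""
    events = []
    for line in report.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:  # "Task started" / "Task completed" lines are skipped
            when, action, verdict, obj = m.groups()
            events.append((when, action, verdict, on_disk_file(obj)))
    return events


def unresolved(events):
    """Files that were detected and have no later Deleted event."""
    pending = {}  # lowercased path -> (path as logged, set of verdicts)
    for _, action, verdict, path in events:
        key = path.lower()  # Windows paths are case-insensitive
        if action == "Detected":
            pending.setdefault(key, (path, set()))[1].add(verdict)
        else:
            pending.pop(key, None)
    return {path: sorted(verdicts) for path, verdicts in pending.values()}


def detections_by_folder(events, depth=2):
    """Count distinct detected files under the first `depth` directories."""
    seen = set()
    counts = Counter()
    for _, action, _, path in events:
        if action != "Detected" or path.lower() in seen:
            continue
        seen.add(path.lower())
        parts = path.split("\\")
        folder = "\\".join(parts[:1] + parts[1:-1][:depth])
        counts[folder] += 1
    return dict(counts)


if __name__ == "__main__":
    events = parse_events(SAMPLE_REPORT)
    print("Detected but not deleted:")
    for path, verdicts in unresolved(events).items():
        print(f"  {path}  ({', '.join(verdicts)})")
    print("Detections per folder:")
    for folder, n in sorted(detections_by_folder(events).items(),
                            key=lambda kv: -kv[1]):
        print(f"  {n:3d}  {folder}")
```

A folder with many detections, or with entries left in the first list, is a candidate for the manual review and deletion described in #24.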

#25
SiLveR001

    Member

  • Topic Starter
  • 46 posts
hi there :)
thanks for replying fast and sorry i forgot to answer the question about the problem
unfortunately the problem still exists like the picture i posted before but other than that the system is working fine like before

Posted Image

there had been no signs of being affected by malware or virus
well aside from the slow startup that has been happening for a while now

and the folder GAME has been completely removed by the OTL
speaking of OTL i have downloaded a new one and it seems alright now when i try to run it
but im wondering why it has been removed before by avast and the site for downloading it has also been blocked
could this be an infection made by the malware

note: im just clarifying things now about the OTL since it seems to be fixed already

and here is the OTL log


OTL logfile created on: 6/5/2011 10:32:45 AM - Run 6
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\† JeFFreY †\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 60.82% Memory free
4.79 Gb Paging File | 3.40 Gb Available in Paging File | 71.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.01 Gb Total Space | 3.08 Gb Free Space | 1.06% Space Free | Partition Type: NTFS
Drive D: | 8.08 Gb Total Space | 1.50 Gb Free Space | 18.51% Space Free | Partition Type: NTFS

Computer Name: JEFFREY-PC | User Name: † JeFFreY † | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 09:52:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\† JeFFreY †\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/19 16:23:41 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\† JeFFreY †\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2011/01/13 16:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 16:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/09 05:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/12/09 03:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/22 07:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/11 10:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/10/27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/19 15:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/04/18 23:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 19:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/04 01:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 09:52:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\† JeFFreY †\Desktop\OTL.exe
MOD - [2011/01/13 16:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 23:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/01/13 16:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/23 20:53:52 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/26 00:47:00 | 003,489,788 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/01/22 07:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 15:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/09/12 07:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/12 07:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/12 06:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/12 06:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/04 01:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 14:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/11 00:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/13 16:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 16:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 16:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 16:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 16:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\64784802.sys -- (64784802)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\61829112.sys -- (61829112)
DRV - [2009/10/09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\6478480.sys -- (setup_9.0.0.722_04.06.2011_06-44drv)
DRV - [2009/10/06 11:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/10/06 11:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\64784801.sys -- (64784801)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\61829111.sys -- (61829111)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/10 14:55:58 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/27 20:44:57 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/07 09:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.drp.su/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.367
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/09 14:24:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/08 16:03:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/27 09:35:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/12 22:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/12 22:56:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/23 13:02:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/23 13:02:00 | 000,000,000 | ---D | M]

[2008/12/30 20:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Extensions
[2011/06/04 18:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions
[2010/04/28 10:17:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/29 00:45:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/25 23:55:51 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
[2010/03/21 21:00:19 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
[2011/03/27 15:22:40 | 000,000,000 | ---D | M] (Personas) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
[2010/05/13 00:10:56 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\† JeFFreY †\AppData\Roaming\Mozilla\Firefox\Profiles\q1dio9k3.default\extensions\[email protected]
[2011/05/23 13:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/03 22:16:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/25 14:47:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\USERS\€  JEFFREY € \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\USERS\€  JEFFREY € \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\USERS\€  JEFFREY € \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\€  JEFFREY € \APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q1DIO9K3.DEFAULT\EXTENSIONS\[email protected]
[2011/04/15 00:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/12/31 00:33:17 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/29 13:22:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {A1056498-D09A-41E4-864B-505EDD640D9E} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [ProcessTamer] C:\Program Files\ProcessTamer\ProcessTamerTray.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [RockMelt Update] C:\Users\† JeFFreY †\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\† JeFFreY †\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.06.2011_06-44.lnk = C:\Users\† JeFFreY †\Desktop\Virus Removal Tool1\setup_9.0.0.722_04.06.2011_06-44\startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\† JeFFreY †\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\† JeFFreY †\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/01 11:00:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 09:52:16 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\† JeFFreY †\Desktop\OTL.exe
[2011/06/04 20:29:58 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\6478480.sys
[2011/06/04 20:29:58 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\64784801.sys
[2011/06/04 20:29:58 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\64784802.sys
[2011/06/04 20:29:58 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\Virus Removal Tool1
[2011/06/04 11:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/06/04 11:38:31 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\6182911.sys
[2011/06/04 11:38:31 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\61829111.sys
[2011/06/04 11:38:31 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\61829112.sys
[2011/06/04 11:38:31 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\Virus Removal Tool
[2011/06/04 11:32:56 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/04 11:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/04 11:32:51 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/04 11:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/04 11:26:11 | 122,055,056 | ---- | C] ( ) -- C:\Users\† JeFFreY †\Desktop\setup_9.0.0.722_04.06.2011_06-44.exe
[2011/06/03 13:26:26 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\Mimi
[2011/06/03 10:24:33 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\avz4
[2011/06/03 02:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2011/06/03 02:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\osu!
[2011/06/03 02:12:47 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Roaming\Downloaded Installations
[2011/06/01 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\New Folder
[2011/05/31 11:12:19 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\b collection 1
[2011/05/31 09:41:32 | 127,222,215 | ---- | C] (Igor Pavlov) -- C:\Users\† JeFFreY †\Desktop\OTLPENet.exe
[2011/05/30 20:20:12 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\b collection
[2011/05/30 09:06:41 | 098,078,016 | ---- | C] (Igor Pavlov) -- C:\Users\† JeFFreY †\Desktop\OTLPEStd.exe
[2011/05/29 23:28:24 | 000,586,240 | ---- | C] (AVAST Software) -- C:\Users\† JeFFreY †\Desktop\aswMBR.exe
[2011/05/29 23:00:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/29 22:39:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/05/29 18:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/05/29 17:12:24 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/29 15:59:11 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\gmer
[2011/05/29 13:34:02 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\New Folder (2)
[2011/05/29 12:12:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/29 11:42:47 | 000,000,000 | ---D | C] -- C:\Desktop
[2011/05/28 21:12:06 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Local\temp
[2011/05/28 20:32:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/28 20:32:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/28 20:32:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/28 20:32:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/28 20:28:34 | 004,296,757 | R--- | C] (Swearware) -- C:\Users\† JeFFreY †\Desktop\ComboFix.exe
[2011/05/28 19:53:24 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Local\Apple
[2011/05/27 18:00:12 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Local\Adobe
[2011/05/27 17:55:36 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\Desktop\bartpe
[2011/05/23 13:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/05/22 23:09:11 | 000,000,000 | ---D | C] -- C:\Users\† JeFFreY †\AppData\Local\ElevatedDiagnostics
[2011/05/19 20:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,021,387 | ---- | M] () -- C:\Users\† JeFFreY †\Documents\title.jpg
[2049/12/31 16:00:00 | 000,018,370 | ---- | M] () -- C:\Users\† JeFFreY †\Documents\poe1.jpg
[2049/12/31 16:00:00 | 000,005,987 | ---- | M] () -- C:\Users\† JeFFreY †\Documents\tale1.jpg
[2011/06/05 10:04:38 | 000,037,493 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/05 10:04:27 | 000,037,493 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/05 10:00:12 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ca5a13c7ed8130.job
[2011/06/05 10:00:11 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/06/05 10:00:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 10:00:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 09:59:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/05 09:59:50 | 2682,769,408 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/05 09:52:25 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\† JeFFreY †\Desktop\OTL.exe
[2011/06/05 02:59:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/04 20:32:09 | 000,002,206 | ---- | M] () -- C:\Users\† JeFFreY †\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.06.2011_06-44.lnk
[2011/06/04 11:36:47 | 122,055,056 | ---- | M] ( ) -- C:\Users\† JeFFreY †\Desktop\setup_9.0.0.722_04.06.2011_06-44.exe
[2011/06/04 11:32:57 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/03 21:23:20 | 000,177,220 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\6298b30b5d_71900837_o2.jpg
[2011/06/03 21:15:10 | 000,548,987 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\R4492.png
[2011/06/03 21:09:29 | 000,493,081 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\V5004_0.png
[2011/06/03 21:08:51 | 000,389,705 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\V0440.png
[2011/06/03 14:50:27 | 008,824,727 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\My Soul Your Beats.mp3
[2011/06/03 14:49:07 | 009,176,989 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\My Soul Your Beats (Yui).mp3
[2011/06/03 14:37:21 | 008,946,072 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\My Soul Your Beats (Lia&Lisa).mp3
[2011/06/03 02:17:53 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\osu!.lnk
[2011/06/02 23:57:55 | 006,175,589 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\avz4.zip
[2011/06/02 02:03:21 | 000,000,512 | ---- | M] () -- C:\mbr.dat
[2011/05/31 10:32:47 | 000,613,034 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/31 10:32:47 | 000,107,608 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/31 09:52:17 | 127,222,215 | ---- | M] (Igor Pavlov) -- C:\Users\† JeFFreY †\Desktop\OTLPENet.exe
[2011/05/30 09:14:34 | 098,078,016 | ---- | M] (Igor Pavlov) -- C:\Users\† JeFFreY †\Desktop\OTLPEStd.exe
[2011/05/30 09:07:00 | 000,515,892 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\eeepcfr.zip
[2011/05/29 23:28:31 | 000,586,240 | ---- | M] (AVAST Software) -- C:\Users\† JeFFreY †\Desktop\aswMBR.exe
[2011/05/29 22:36:02 | 000,133,632 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\RKUnhookerLE.EXE
[2011/05/29 15:02:24 | 000,165,676 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\qwert.jpg
[2011/05/29 13:22:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/29 12:07:45 | 000,132,597 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\Flash_Disinfector.exe
[2011/05/29 11:59:34 | 000,000,396 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\Desktop.lnk
[2011/05/29 11:56:43 | 000,000,021 | ---- | M] () -- C:\Config.ini
[2011/05/29 11:47:02 | 000,092,672 | ---- | M] () -- C:\Users\† JeFFreY †\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/28 20:29:23 | 004,296,757 | R--- | M] (Swearware) -- C:\Users\† JeFFreY †\Desktop\ComboFix.exe
[2011/05/27 18:00:15 | 000,000,004 | ---- | M] () -- C:\VERSION.CFG
[2011/05/27 08:34:07 | 000,001,985 | ---- | M] () -- C:\Users\† JeFFreY †\Desktop\RockMelt.lnk
[2011/05/27 08:34:07 | 000,001,947 | ---- | M] () -- C:\Users\† JeFFreY †\Application Data\Microsoft\Internet Explorer\Quick Launch\RockMelt.lnk
[2011/05/25 18:53:00 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/23 13:02:10 | 000,000,832 | ---- | M] () -- C:\Users\† JeFFreY †\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/23 13:02:10 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/18 07:01:18 | 000,000,905 | ---- | M] () -- C:\Users\† JeFFreY †\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/18 06:59:48 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011/05/17 13:41:39 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/17 13:41:39 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/17 13:41:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== Files Created - No Company Name ==========

[2011/06/04 11:40:22 | 000,002,206 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.06.2011_06-44.lnk
[2011/06/04 11:32:57 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/03 21:23:24 | 000,177,220 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\6298b30b5d_71900837_o2.jpg
[2011/06/03 21:15:12 | 000,548,987 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\R4492.png
[2011/06/03 21:09:31 | 000,493,081 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\V5004_0.png
[2011/06/03 21:09:03 | 000,389,705 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\V0440.png
[2011/06/03 14:50:02 | 008,824,727 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\My Soul Your Beats.mp3
[2011/06/03 14:48:36 | 009,176,989 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\My Soul Your Beats (Yui).mp3
[2011/06/03 14:36:57 | 008,946,072 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\My Soul Your Beats (Lia&Lisa).mp3
[2011/06/03 02:17:53 | 000,000,728 | ---- | C] () -- C:\Users\Public\Desktop\osu!.lnk
[2011/06/02 02:03:21 | 000,000,512 | ---- | C] () -- C:\mbr.dat
[2011/06/01 23:57:37 | 006,175,589 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\avz4.zip
[2011/05/30 09:06:48 | 000,515,892 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\eeepcfr.zip
[2011/05/29 22:34:38 | 000,133,632 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\RKUnhookerLE.EXE
[2011/05/29 15:02:23 | 000,165,676 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\qwert.jpg
[2011/05/29 12:07:42 | 000,132,597 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\Flash_Disinfector.exe
[2011/05/29 11:59:34 | 000,000,396 | ---- | C] () -- C:\Users\† JeFFreY †\Desktop\Desktop.lnk
[2011/05/28 20:32:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/28 20:32:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/28 20:32:24 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/28 20:32:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/28 20:32:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/23 13:02:10 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/17 13:41:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/11/19 22:49:34 | 000,037,493 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/11/19 22:49:32 | 000,037,493 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/10/30 16:44:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2010/03/30 13:55:27 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_processtamer_InstallInfo.dat
[2010/03/30 13:55:27 | 000,000,046 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Local\DonationCoder_processtamer_InstallInfo.dat
[2010/03/14 00:46:49 | 000,001,025 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/11 15:54:56 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/03/11 15:54:56 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/03/08 16:02:57 | 000,023,090 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/09/11 18:50:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 18:50:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/04 08:12:54 | 000,026,340 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Roaming\UserTile.png
[2009/08/16 22:45:35 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/07/01 16:30:54 | 000,008,620 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Local\d3d9caps.dat
[2009/05/26 23:29:29 | 000,164,978 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/05/10 16:45:15 | 000,008,553 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/05/03 13:53:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/01/14 15:09:40 | 000,000,003 | ---- | C] () -- C:\ProgramData\NOD.dll
[2009/01/06 15:54:53 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009/01/03 19:56:46 | 000,137,623 | ---- | C] () -- C:\Windows\HPHins15.dat
[2009/01/02 23:32:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/02 11:00:59 | 000,092,672 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/02 09:51:43 | 000,000,552 | ---- | C] () -- C:\Users\† JeFFreY †\AppData\Local\d3d8caps.dat
[2009/01/01 10:52:01 | 000,000,004 | ---- | C] () -- C:\Windows\System32\XPerWin.dll
[2009/01/01 10:51:57 | 000,000,037 | ---- | C] () -- C:\Windows\System32\xsystem.dll
[2007/08/01 10:52:09 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/08/01 10:27:33 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/08/01 10:25:07 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/08/01 10:25:07 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/06/07 16:56:07 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2007/05/14 20:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 14:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 14:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 20:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 20:47:37 | 000,506,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 20:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 18:33:01 | 000,613,034 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 18:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 18:33:01 | 000,107,608 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 18:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 18:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 16:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 16:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 15:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 15:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/24 01:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/12/08 15:19:22 | 000,061,440 | ---- | C] () -- C:\Windows\System32\EGamesPlugin.dll
[2005/12/08 15:19:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\EGameEncrypt.dll

========== LOP Check ==========

[2010/11/20 21:30:24 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\2K Sports
[2010/06/23 22:04:56 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Autodesk
[2009/03/28 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Boolat Games
[2009/07/27 21:35:51 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\DAEMON Tools Lite
[2010/03/30 13:55:28 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\DonationCoder
[2011/06/03 02:12:47 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Downloaded Installations
[2010/03/10 20:46:43 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Facebook
[2010/07/28 21:07:58 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\FreeFLVConverter
[2010/05/03 21:04:34 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\freshgames
[2009/01/26 07:10:19 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\GameHouse
[2010/04/04 20:57:04 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\GlarySoft
[2011/04/10 09:21:59 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Hotdog Hotshot
[2009/02/12 22:12:40 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Image Zone Express
[2010/11/07 15:24:34 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\InterTrust
[2010/04/24 00:23:14 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\LimeWire
[2008/12/30 17:34:41 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\MRTalk
[2009/03/01 08:56:37 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Nexon
[2010/08/26 17:49:13 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Nokia
[2011/04/14 03:13:15 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Opera
[2009/08/25 20:40:22 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\PC Suite
[2009/09/04 08:12:53 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\PeerNetworking
[2009/02/12 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Printer Info Cache
[2011/03/22 01:40:44 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Publish Providers
[2011/03/18 20:07:24 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Rovio
[2011/03/22 01:50:35 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Sony
[2011/05/29 23:10:04 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\uTorrent
[2008/12/31 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\WinBatch
[2011/05/04 16:05:59 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\WindSolutions
[2009/05/03 14:37:54 | 000,000,000 | ---D | M] -- C:\Users\† JeFFreY †\AppData\Roaming\Zen of Sudoku
[2011/06/05 10:00:11 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/06/05 09:58:34 | 000,032,624 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:DDEB08FD
@Alternate Data Stream - 305 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9547F1DB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B557E3E7
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B0E38115
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A18121AD
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:04BB186B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:3F6BE44B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A5264343
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8511DA13
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:84512B49
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BDD0820
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:DA3C6C07
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >


As of my current status after this procedure, it is the same as before, with the firewall malfunctioning and the network with an X mark on the computer.
I tried to start up the Diagnostics Policy Service again but it seems I still keep on getting the same error.
Oh, if screenshots could help, I could provide images of what happens when I try to fix them both.

Edited by SiLveR001, 04 June 2011 - 10:05 PM.

  • 0


#26
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Are you connected to the internet using a wireless or wired connection?

Let's see what the events have to say

  • Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
  • Double-click VEW.exe
  • Under 'Select log to query', select (as appropriate):
    • Application
    • System
  • Under 'Select type to list', select (as appropriate):
    • Error
    • Information
    • Warning
Then use the 'Date of events' or 'Number of events' as follows:

Either:
  • Click the radio button for 'Number of events'
    Type 3 in the 1 to 20 box (or any number from 1 to 20)
    Then click the Run button.
    Notepad will open with the output log.

Or:
  • Click the radio button for 'Date of events'
    In the From: boxes type today's date (presuming the crash happened today) 13 07 2009
    In the To: boxes type today's date (presuming the crash happened today) 13 07 2009
    Then click the Run button.
    Notepad will open with the output log.
Please post the Output log in your next reply


Next:
Please go to Device manager (instructions here) and tell me if there's any yellow question mark (?) or exclamation mark (!) on any device, like this:

Posted Image
  • 0
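
One way to triage the Notepad output that the VEW steps above produce, as an added example that is not part of the original post or of VEW itself: it parses the report layout seen in this thread, groups events by source, event ID and HRESULT, and decodes the Win32 code inside each HRESULT. The sample report is constructed, and the function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample in the layout of a VEW report; dates are dd/mm/yyyy.
SAMPLE_REPORT = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/06/2011 1:53:02 AM
Type: Error Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070422

Log: 'Application' Date/Time: 06/06/2011 1:48:03 AM
Type: Error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error RegOpenKeyExW(...). hr = 0x80070005.

Log: 'Application' Date/Time: 05/06/2011 7:39:03 PM
Type: Error Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070422

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/06/2011 1:52:12 AM
Type: Information Category: 0
Event: 0 Source: HP Health Check Service
Service started successfully.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
HRESULT = re.compile(r"\b0x[0-9A-Fa-f]{8}\b")
FACILITY_WIN32 = 7  # HRESULTs of the form 0x8007xxxx wrap a Win32 error code
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED", 1058: "ERROR_SERVICE_DISABLED"}  # winerror.h


def decode_hresult(text):
    """Return (failed, facility, code, name) for an HRESULT written as hex."""
    value = int(text, 16)
    facility, code = (value >> 16) & 0x7FF, value & 0xFFFF
    name = WIN32_NAMES.get(code, "unlisted") if facility == FACILITY_WIN32 else "non-Win32"
    return bool(value & 0x80000000), facility, code, name


def parse_report(text):
    """Turn the report into a list of event dicts, skipping section banners."""
    events, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("~~~"):
            current = None  # a banner ends the previous event's message
        elif HEADER.match(line):
            m = HEADER.match(line)
            current = {"log": m["log"], "type": None, "event_id": None, "source": None,
                       "when": datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p"),
                       "lines": []}
            events.append(current)
        elif current is None:
            continue  # banner title or preamble outside any event
        elif TYPE.match(line):
            current["type"] = TYPE.match(line)["type"]
        elif EVENT.match(line):
            m = EVENT.match(line)
            current["event_id"], current["source"] = int(m["id"]), m["source"]
        elif line:
            current["lines"].append(line)
    for ev in events:
        ev["message"] = " ".join(ev.pop("lines"))
        hit = HRESULT.search(ev["message"])
        ev["hresult"] = hit.group(0).lower() if hit else None
    return events


def triage(events, event_type="Error"):
    """Group events of one type; rows are (count, source, id, hresult, name, first, last)."""
    groups = {}
    for ev in events:
        if ev["type"] != event_type:
            continue
        key = (ev["source"], ev["event_id"], ev["hresult"])
        g = groups.setdefault(key, {"count": 0, "first": ev["when"], "last": ev["when"]})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], ev["when"]), max(g["last"], ev["when"])
    rows = [(g["count"], *key, decode_hresult(key[2])[3] if key[2] else None,
             g["first"], g["last"]) for key, g in groups.items()]
    return sorted(rows, key=lambda r: -r[0])


if __name__ == "__main__":
    for row in triage(parse_report(SAMPLE_REPORT)):
        print(row)
```

On the sample, the repeated LiveUpdate failure decodes to ERROR_SERVICE_DISABLED and the VSS one to ERROR_ACCESS_DENIED, which points the follow-up at service start types and registry permissions rather than at each application separately.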

#27
SiLveR001

    Member

  • Topic Starter
  • Member
  • 46 posts
Hi there :)

Thanks for replying fast,

I believe I'm using a wireless connection, though I also have the wired just in case the wireless would fail.

Then here is the log for VEW


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 06/06/2011 10:12:18 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/06/2011 1:53:02 AM
Type: Error Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070422

Log: 'Application' Date/Time: 06/06/2011 1:48:03 AM
Type: Error Category: 0
Event: 12289 Source: VSS
Volume Shadow Copy Service error: Unexpected error RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005.

Operation:
Initializing Writer

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7ccafa44-828e-4012-aad9-c10d37e7a27f}

Log: 'Application' Date/Time: 05/06/2011 7:39:03 PM
Type: Error Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070422

Log: 'Application' Date/Time: 05/06/2011 7:27:21 PM
Type: Error Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070422

Log: 'Application' Date/Time: 05/06/2011 7:15:21 PM
Type: Error Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070422

Log: 'Application' Date/Time: 05/06/2011 7:02:43 PM
Type: Error Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070422

Log: 'Application' Date/Time: 05/06/2011 6:50:40 PM
Type: Error Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070422

Log: 'Application' Date/Time: 05/06/2011 6:37:11 PM
Type: Error Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070422

Log: 'Application' Date/Time: 05/06/2011 6:23:42 PM
Type: Error Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070422

Log: 'Application' Date/Time: 05/06/2011 6:10:19 PM
Type: Error Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x80070422

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/06/2011 2:00:45 AM
Type: Information Category: 0
Event: 0 Source: gupdate1c9e6899f40c30b
The event description cannot be found.

Log: 'Application' Date/Time: 06/06/2011 1:59:01 AM
Type: Information Category: 0
Event: 0 Source: gupdate1c9e6899f40c30b
The event description cannot be found.

Log: 'Application' Date/Time: 06/06/2011 1:53:10 AM
Type: Information Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: success

The next run has been scheduled to occur at approximately 1:23 PM.

Log: 'Application' Date/Time: 06/06/2011 1:53:10 AM
Type: Information Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: success

Automatic LiveUpdate has terminated.

Log: 'Application' Date/Time: 06/06/2011 1:53:02 AM
Type: Information Category: 1
Event: 101 Source: Automatic LiveUpdate Scheduler
Information Level: success

Scheduler launched Automatic LiveUpdate.

Log: 'Application' Date/Time: 06/06/2011 1:52:36 AM
Type: Information Category: 0
Event: 0 Source: ServiceLayer
The event description cannot be found.

Log: 'Application' Date/Time: 06/06/2011 1:52:31 AM
Type: Information Category: 0
Event: 0 Source: iPod Service
The event description cannot be found.

Log: 'Application' Date/Time: 06/06/2011 1:52:20 AM
Type: Information Category: 2
Event: 4202 Source: Microsoft-Windows-MSDTC 2
MSDTC started with the following settings:

Security Configuration (OFF = 0 and ON = 1):
Allow Remote Administrator = 0,
Network Clients = 0,
Trasaction Manager Communication:
Allow Inbound Transactions = 0,
Allow Outbound Transactions = 0,
Transaction Internet Protocol (TIP) = 0,
Enable XA Transactions = 0,
MSDTC Communications Security = Mutual Authentication Required,
Account = NT AUTHORITY\NetworkService,
Firewall Exclusion Detected = 0

Transaction Bridge Installed = 0
Filtering Duplicate Events = 1


Log: 'Application' Date/Time: 06/06/2011 1:52:12 AM
Type: Information Category: 0
Event: 0 Source: HP Health Check Service
Service started successfully.

Log: 'Application' Date/Time: 06/06/2011 1:51:42 AM
Type: Information Category: 0
Event: 0 Source: gupdate1c9e6899f40c30b
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/06/2011 7:47:55 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-4081209011-159311198-1283252144-1001:
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 4720 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\My
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\CA
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\trust
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Root
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates


Log: 'Application' Date/Time: 03/06/2011 12:33:02 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-4081209011-159311198-1283252144-1001:
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\CA
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\trust
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Root
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates


Log: 'Application' Date/Time: 02/06/2011 6:35:08 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-4081209011-159311198-1283252144-1001_Classes:
Process 1016 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001_CLASSES


Log: 'Application' Date/Time: 02/06/2011 6:35:04 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 16 user registry handles leaked from \Registry\User\S-1-5-21-4081209011-159311198-1283252144-1001:
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 1016 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\My
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\CA
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\trust
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Root
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates


Log: 'Application' Date/Time: 02/06/2011 6:35:15 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-4081209011-159311198-1283252144-1001:
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\My
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\CA
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\trust
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Root
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2884 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates


Log: 'Application' Date/Time: 31/05/2011 3:58:33 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-4081209011-159311198-1283252144-1001:
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\My
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\CA
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\trust
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Root
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2900 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates


Log: 'Application' Date/Time: 30/05/2011 7:22:27 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-4081209011-159311198-1283252144-1001_Classes:
Process 1632 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 30/05/2011 7:22:22 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-4081209011-159311198-1283252144-1001:
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\My
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\CA
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\trust
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Root
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2892 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates


Log: 'Application' Date/Time: 29/05/2011 8:56:41 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-4081209011-159311198-1283252144-1001:
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\My
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\CA
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\trust
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Root
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2976 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates


Log: 'Application' Date/Time: 29/05/2011 5:24:56 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-4081209011-159311198-1283252144-1001:
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\My
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\CA
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\trust
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Microsoft\SystemCertificates\Root
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates
Process 2940 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4081209011-159311198-1283252144-1001\Software\Policies\Microsoft\SystemCertificates


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/06/2011 2:00:42 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The DHCP Client service terminated with the following error: Access is denied.

Log: 'System' Date/Time: 06/06/2011 2:00:42 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The operation completed successfully.

Log: 'System' Date/Time: 06/06/2011 1:59:07 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The DHCP Client service terminated with the following error: Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:59:07 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The operation completed successfully.

Log: 'System' Date/Time: 06/06/2011 1:59:05 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The DHCP Client service terminated with the following error: Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:59:05 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The operation completed successfully.

Log: 'System' Date/Time: 06/06/2011 1:59:02 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The DHCP Client service terminated with the following error: Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:59:02 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The operation completed successfully.

Log: 'System' Date/Time: 06/06/2011 1:51:52 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The DHCP Client service terminated with the following error: Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:51:52 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The operation completed successfully.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/06/2011 2:03:56 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Modules Installer service entered the stopped state.

Log: 'System' Date/Time: 06/06/2011 2:01:00 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Problem Reports and Solutions Control Panel Support service entered the stopped state.

Log: 'System' Date/Time: 06/06/2011 2:00:56 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Problem Reports and Solutions Control Panel Support service entered the running state.

Log: 'System' Date/Time: 06/06/2011 2:00:45 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdate1c9e6899f40c30b) service entered the stopped state.

Log: 'System' Date/Time: 06/06/2011 2:00:42 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The DHCP Client service entered the stopped state.

Log: 'System' Date/Time: 06/06/2011 1:59:07 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The DHCP Client service entered the stopped state.

Log: 'System' Date/Time: 06/06/2011 1:59:05 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The DHCP Client service entered the stopped state.

Log: 'System' Date/Time: 06/06/2011 1:59:02 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The DHCP Client service entered the stopped state.

Log: 'System' Date/Time: 06/06/2011 1:59:02 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Google Update Service (gupdate1c9e6899f40c30b) service entered the running state.

Log: 'System' Date/Time: 06/06/2011 1:59:01 AM
Type: Information Category: 0
Event: 10029 Source: Microsoft-Windows-DistributedCOM
DCOM started the service gupdate1c9e6899f40c30b with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/06/2011 2:00:42 AM
Type: Warning Category: 0
Event: 1004 Source: Microsoft-Windows-Dhcp-Client
The DHCP Client service is shutting down. The following error occurred : Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:59:07 AM
Type: Warning Category: 0
Event: 1004 Source: Microsoft-Windows-Dhcp-Client
The DHCP Client service is shutting down. The following error occurred : Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:59:05 AM
Type: Warning Category: 0
Event: 1004 Source: Microsoft-Windows-Dhcp-Client
The DHCP Client service is shutting down. The following error occurred : Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:59:02 AM
Type: Warning Category: 0
Event: 1004 Source: Microsoft-Windows-Dhcp-Client
The DHCP Client service is shutting down. The following error occurred : Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:51:52 AM
Type: Warning Category: 0
Event: 1004 Source: Microsoft-Windows-Dhcp-Client
The DHCP Client service is shutting down. The following error occurred : Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:49:48 AM
Type: Warning Category: 0
Event: 1004 Source: Microsoft-Windows-Dhcp-Client
The DHCP Client service is shutting down. The following error occurred : Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:49:46 AM
Type: Warning Category: 0
Event: 1004 Source: Microsoft-Windows-Dhcp-Client
The DHCP Client service is shutting down. The following error occurred : Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:49:43 AM
Type: Warning Category: 0
Event: 1004 Source: Microsoft-Windows-Dhcp-Client
The DHCP Client service is shutting down. The following error occurred : Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:49:41 AM
Type: Warning Category: 0
Event: 1004 Source: Microsoft-Windows-Dhcp-Client
The DHCP Client service is shutting down. The following error occurred : Access is denied.

Log: 'System' Date/Time: 06/06/2011 1:49:38 AM
Type: Warning Category: 0
Event: 1004 Source: Microsoft-Windows-Dhcp-Client
The DHCP Client service is shutting down. The following error occurred : Access is denied.


Then about the Device Manager, I don't find any device that has those warnings
  • 0
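Added example, not part of the original thread: a small Python parser for the event-log export pasted above that groups the Service Control Manager and Dhcp-Client records by failing service. The function names and the sample text are constructed for illustration; the error text of event 7001 is not counted, because in this log it only repeats a generic status while events 7023 and 1004 carry "Access is denied".

```python
import re
from collections import Counter

# Constructed sample: three records in the layout of the log pasted above.
SAMPLE_LOG = """\
Log: 'System' Date/Time: 06/06/2011 2:00:42 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The DHCP Client service terminated with the following error: Access is denied.

Log: 'System' Date/Time: 06/06/2011 2:00:42 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The operation completed successfully.

Log: 'System' Date/Time: 06/06/2011 1:59:07 AM
Type: Warning Category: 0
Event: 1004 Source: Microsoft-Windows-Dhcp-Client
The DHCP Client service is shutting down. The following error occurred : Access is denied.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)\n"
                    r"Type: (?P<type>\w+) Category: \d+\n"
                    r"Event: (?P<event>\d+) Source: (?P<source>.+)\n", re.M)
# Message shapes of the records that name a failing service (7023, 1004) or a blocked one (7001).
FAILED = re.compile(r"The (?P<svc>.+?) service (?:terminated with the following error"
                    r"|is shutting down\. The following error occurred) ?: (?P<err>.+)")
BLOCKED = re.compile(r"The (?P<dep>.+?) service depends on the (?P<svc>.+?) service which failed")

def parse_records(text):
    """Split the export into records; a message runs to the next blank line or ~~~ banner."""
    text = text.replace("\r\n", "\n")
    heads = list(HEADER.finditer(text))
    records = []
    for i, m in enumerate(heads):
        stop = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = []
        for line in text[m.end():stop].split("\n"):
            if not line.strip() or line.startswith("~~~"):
                break
            body.append(line.strip())
        records.append({"log": m["log"], "type": m["type"], "event": int(m["event"]),
                        "source": m["source"].strip(), "when": m["when"].strip(),
                        "message": "\n".join(body)})
    return records

def summarize_failures(records):
    """Per failing service: error texts from 7023/1004 and dependents blocked in 7001.
    The 7001 error text is a generic status, so only the dependency is kept from it."""
    out = {}
    for r in records:
        pattern = {7023: FAILED, 1004: FAILED, 7001: BLOCKED}.get(r["event"])
        hit = pattern.search(r["message"]) if pattern else None
        if not hit:
            continue
        svc = out.setdefault(hit["svc"], {"errors": Counter(), "dependents": set()})
        if r["event"] == 7001:
            svc["dependents"].add(hit["dep"])
        else:
            svc["errors"][hit["err"].strip()] += 1
    return out
```

Calling `summarize_failures(parse_records(SAMPLE_LOG))` returns one entry, keyed by the failing service, with its error counts and the set of services that could not start because of it.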

#28
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications



Next:
  • Click Start, click Run, type regedit in the Open box, and then click OK.
  • Locate and then right-click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp

  • Click Permissions, click Add, type network service, and then click OK.
  • Click to select the Full Control check box in the Allow column of the Permissions for NETWORK SERVICE box, and then click OK.
  • Locate and then right-click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip

  • Click Permissions, click Add, type network service, and then click OK.
  • Click to select the Full Control check box in the Allow column of the Permissions for NETWORK SERVICE box, and then click OK.




Also please go here and download the tool, and run it

Reboot and then tell me if that worked for the Internet problem

Edited by michaelg9, 06 June 2011 - 08:33 AM.

  • 0

#29
SiLveR001

SiLveR001

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
hi there :)

I tried the procedure but unfortunately that didn't hit the spot again

the problem still remains and I still got the two X marks

and also for the fix it I ran into a problem and I couldn't run it

the image is shown below:

Posted Image
  • 0

#30
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Strange...
Click Start > Run and type services.msc
From the list find the service named DHCP Client.
Right click it and select start.
At startup type select Automatic

I don't expect that to work, probably it will display an error message, and if it does, tell me what it writes



Next:
Go to Start > All Programs > Accessories
Right click Command Prompt and select Run as Administrator
Then type:

sfc /scannow

Allow it to finish and tell me what it will tell you
  • 0





