Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

the Geek Squad says I have 19 viruses


  • Please log in to reply

#16
BVB

BVB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/09/2011 2:22:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/09/2011 6:20:55 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {d22aa567-14c8-44d0-971d-1c136ef70a0e}

Log: 'Application' Date/Time: 27/09/2011 9:59:27 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 27/09/2011 7:11:12 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {f25eaba0-7979-4abd-9675-246cc9b6f1a3}

Log: 'Application' Date/Time: 21/09/2011 6:53:00 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x00049949 Faulting process id: 0xa8 Faulting application start time: 0x01cc78888b8528da Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: ed369d2e-e482-11e0-88b6-e0cb4e642a13

Log: 'Application' Date/Time: 21/09/2011 6:52:51 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x000132c6 Faulting process id: 0xa8 Faulting application start time: 0x01cc78888b8528da Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: e76ce69c-e482-11e0-88b6-e0cb4e642a13

Log: 'Application' Date/Time: 21/09/2011 4:48:14 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Skype.exe, version: 5.3.0.120, time stamp: 0x4df89ed9 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0x0eedfade Fault offset: 0x0000b9bc Faulting process id: 0xd1c Faulting application start time: 0x01cc787de74a72bb Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 7f01a449-e471-11e0-88b6-e0cb4e642a13

Log: 'Application' Date/Time: 21/09/2011 4:24:51 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x0005afd9 Faulting process id: 0x95c Faulting application start time: 0x01cc785716540678 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: 3a675603-e46e-11e0-88b6-e0cb4e642a13

Log: 'Application' Date/Time: 21/09/2011 12:25:25 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x000132c6 Faulting process id: 0x95c Faulting application start time: 0x01cc785716540678 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: c7b572c7-e44c-11e0-88b6-e0cb4e642a13

Log: 'Application' Date/Time: 19/09/2011 6:09:18 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {a96be55f-0896-4677-a540-3d9f316c95a9}

Log: 'Application' Date/Time: 17/09/2011 12:22:18 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x000132c6 Faulting process id: 0x764 Faulting application start time: 0x01cc7532d7029c10 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: aeea209e-e127-11e0-8d69-e0cb4e642a13

Log: 'Application' Date/Time: 16/09/2011 2:13:07 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {3a873aef-c95a-4b32-b1ec-b9070af8e0cc}

Log: 'Application' Date/Time: 09/09/2011 5:06:09 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Faulting module name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Exception code: 0xc0000005 Fault offset: 0x00057f95 Faulting process id: 0xea8 Faulting application start time: 0x01cc6e4f1b4cddb1 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: 02dccc27-db06-11e0-9d39-e0cb4e642a13

Log: 'Application' Date/Time: 09/09/2011 2:39:56 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Faulting module name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Exception code: 0xc0000005 Fault offset: 0x000132d6 Faulting process id: 0xea8 Faulting application start time: 0x01cc6e4f1b4cddb1 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: 003e26cf-da8d-11e0-9d39-e0cb4e642a13

Log: 'Application' Date/Time: 08/09/2011 11:43:14 AM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {8914b108-5ac6-4bcb-b7c3-9e9f1fd1a80d}

Log: 'Application' Date/Time: 31/08/2011 8:40:37 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: FBAgent.exe, version: 1.0.4.0, time stamp: 0x4ab1aea2 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c8f9 Exception code: 0xc0000374 Fault offset: 0x00000000000c40f2 Faulting process id: 0x494 Faulting application start time: 0x01cc6662af93e9c2 Faulting application path: C:\Windows\system32\FBAgent.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7b103c67-d411-11e0-99d8-e0cb4e642a13

Log: 'Application' Date/Time: 27/08/2011 3:36:07 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Faulting module name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Exception code: 0xc0000005 Fault offset: 0x00627be3 Faulting process id: 0xe6c Faulting application start time: 0x01cc62563ae3f844 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: b21f0e31-d05d-11e0-992e-e0cb4e642a13

Log: 'Application' Date/Time: 26/08/2011 12:37:39 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e0b64152-a5ff-41e7-86a1-08ed87c15815}

Log: 'Application' Date/Time: 25/08/2011 11:23:55 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Faulting module name: EXCEL.EXE, version: 12.0.6557.5000, time stamp: 0x4da3be27 Exception code: 0xc0000005 Fault offset: 0x000132d6 Faulting process id: 0xe6c Faulting application start time: 0x01cc62563ae3f844 Faulting application path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Report Id: b7b4e829-cf0c-11e0-992e-e0cb4e642a13

Log: 'Application' Date/Time: 22/08/2011 5:17:48 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(.DEFAULT). hr = 0x80070539, The security ID structure is invalid. .

Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {de131dbe-d3ca-49f6-8006-202446692b80}

Log: 'Application' Date/Time: 15/08/2011 7:32:42 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Local Hostname owner-PC.local already in use; will try owner-PC-2.local instead

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 27/09/2011 7:35:53 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1240 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer


Log: 'Application' Date/Time: 27/09/2011 7:24:55 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES


Log: 'Application' Date/Time: 27/09/2011 7:24:54 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 47 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1308 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1308 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\My
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\My
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\My
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\CA
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\CA
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\CA
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\trust
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\trust
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\trust
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 952 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Root
Process 1116 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Root
Process 1620 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Root


Log: 'Application' Date/Time: 27/09/2011 2:04:34 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 988 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES


Log: 'Application' Date/Time: 27/09/2011 2:04:33 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1156 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer


Log: 'Application' Date/Time: 25/09/2011 9:01:31 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 4 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1248 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1248 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1248 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1248 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001


Log: 'Application' Date/Time: 25/09/2011 2:22:41 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES
Process 984 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES


Log: 'Application' Date/Time: 25/09/2011 2:22:39 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies
Process 1136 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3260 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Internet Explorer\Main


Log: 'Application' Date/Time: 21/09/2011 8:45:30 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 860 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES


Log: 'Application' Date/Time: 21/09/2011 8:45:29 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 4 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1164 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1164 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1164 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1164 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001


Log: 'Application' Date/Time: 20/09/2011 2:13:37 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1272 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer


Log: 'Application' Date/Time: 20/09/2011 1:09:02 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 660 (\Device\HarddiskVolume2\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES


Log: 'Application' Date/Time: 20/09/2011 1:09:02 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1192 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer


Log: 'Application' Date/Time: 16/09/2011 2:12:49 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1248 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1248 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001


Log: 'Application' Date/Time: 10/09/2011 8:20:19 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 17 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1172 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1172 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\My
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\CA
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Policies\Microsoft\SystemCertificates
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\trust
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1596 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\SystemCertificates\Root


Log: 'Application' Date/Time: 03/09/2011 10:37:23 PM
Type: Warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. Check the routing rule configuration. Country/region code: '*' Area code: '*'

Log: 'Application' Date/Time: 03/09/2011 10:37:23 PM
Type: Warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices. No faxes can be sent or received until a fax device is installed.

Log: 'Application' Date/Time: 03/09/2011 2:03:27 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 1592 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES


Log: 'Application' Date/Time: 03/09/2011 2:03:26 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001:
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Process 1180 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001\Software\Microsoft\Windows\CurrentVersion\Explorer


Log: 'Application' Date/Time: 02/09/2011 2:33:06 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3955990078-4111042486-1075932403-1001_Classes:
Process 1548 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-3955990078-4111042486-1075932403-1001_CLASSES
  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Log: 'System' Date/Time: 28/09/2011 7:38:07 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 0 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 86398 seconds since the last report.

This is almost always caused by the CPU getting too hot. It goes into self protection mode and slows down. This is usually caused by dust build up but can also be because of a bad fan or blocked air vent.

This needs to be fixed first then we can worry about the other events. A vacuum cleaner hose and a soft brush should be used on a desktop. Turn it off but leave it plugged up. Open it up and suck all the dust out. Pay special attention to the CPU heatsink. Turn it on and verify that the CPU and power supply fans start up quickly and do not make noise.

On a laptop try sucking out the dust from each vent. Listen for the fan when it starts up.

Ron

PS. On a trip this week. Replies may be slow.
  • 0

#18
BVB

BVB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Ok... I have a laptop so I will vacuum the vents soon. I'm also traveling this week so it's ok if we're slow for a few days. Then what will be next? I really appreciate your help.

Also - this might be silly and I don't know if it's related to the tests I've been running, but my date format in all of my folders and documents just switched. For example, October 3, 2011 should read 10/03/2011 but now it's reading 03/10/2011. In other words - instead of being in month/day/year format it's not day/month/year. Could this have been a result of one of those tests?
  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
I'm back from my trip. Sorry for the delay.

For the heat problem on a laptop: Try speedfan

http://www.almico.com/sfdownload.php

Download, save and run it and check Automatic Fan Control. Leave it running and see if the temps drop. What it does if it works is turn the fan on full which seems to help. Also prop up the back of the laptop with a book (don't block the vents). If it's like my daughter's Dell laptop which I worked on this week it uses a heat pipe to transmit heat from the CPU to the heatsink. I don't think it works all that well. Propping it up in the back let's the heat rise to the heatsink which should make it cool a bit better.


Don't know why the date format changed but there should be an icon in the Control Panel called Regional and Language Options. (At least that is its name in Vista) It should allow you to put the date format back the way you want it.

Ron
  • 0

#20
BVB

BVB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I did the fan thing. I can't tell if it's helping or not. Shouldn't the computer regulate its own temperature effectively? I'm just wondering if there's a way to prove if this is the problem, because I do have the hardware plan at Best Buy (where I bought the computer) that is supposed to cover any problems with the hardware.

I also vacuumed all the vents. The computer is still having the same problems. Skype wouldn't work at all today, and my webcam sometimes seems to be stuck, meaning that it's not working but the webcam light stays on.

I hope this doesn't take us back to square one, but I realized that on the first few scans you told me to do, I was running them right from the Download box, instead of moving them to the Desktop and running as Administrator. Would that make a difference in the results? I thought that I was running it the only way I could by doing it directly from the Download box, but then on the last one I realized I could "Run as Administrator" by moving it to the Desktop first. Do I need to go back and do them again?
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
You would think the PC would regulate its own temp but it seems a lot of them forget how to do that.

What does Speedfan say the temps are now? If it is still running hot then I think I would take it back to Best Buy as it is definitely a hardware problem.

As long as the scan works it doesn't matter that you ran it from the wrong place.

Ron
  • 0

#22
BVB

BVB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
SpeedFan lists four different temperatures... I guess you know what they each mean? :) The readings are ranging like this... HD0: 30-31C; Temp1: 52-53C (and there is a little fire symbol next to it!); Core 0: 35-37C; Core 1: 35-37C. The HD0, Core0 and Core1 all have a blue arrow pointing down next to them. I guess that the fire symbol means that Temp1 is too hot?? If I take it back to Best Buy, how can I be specific about what is too hot? Or should they know if I just show them Speed Fan?
So - you think that the heat is the only problem? Any theories on how/why they tried to tell me I had viruses? I just wonder what they're seeing... and how I can convince them that's not the problem.
  • 0

#23
BVB

BVB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Also, says CPU Fan 2170 RPM. And - the temps are rising. HD0: 35C, Temp1: 55C, Core0: 38C, Core1: 38C
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Under 50 is recommended but 52-53C is not that bad.


What does it say if you uncheck the Automatic Fan Speed box and let it run for a while with an anti-virus scan or movie running? That is what I would show them.


If you click on Configure it will tell you more about each temp and which chip is reporting the temp.

I have no idea why they think you have 19 viruses unless the program they are using to detect them is faulty or they are just trying to get you to spend $200. I suppose they might be running something like Spybot or SuperAntispyware which is reporting tracking cookies and they don't know the difference. You might run Spybot - Search & Destroy©® 1.6.2
http://www.safer-net...load/index.html
before you take it in and let it remove the tracking cookies. (Don't let it immunize your system).

Ron
  • 0

#25
BVB

BVB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi again, Ron...
I haven't had a chance to take it back in yet to investigate the potential fan problem, but I was having trouble getting into my VPN this morning and I noticed that Kaspersky now says it has found two threats. One says virus HEUR:Trojan.Script.Iframer and the other says virus HEUR:Exploit.Script.Generic. Do these mean anything to you? It also says that they found four suspicious events, including things like malicious URL http://znbs.fbdirect.info
  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Looks like you might have hit a bad website.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


We never finished this one up.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week. Make very sutre that you hvae no olde versions of Java: First go into Control Panel, Add/Remove Software (Programs and Features on newer Windows) remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)


If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#27
BVB

BVB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL logfile created on: 10/26/2011 8:29:24 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.97 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 45.37% Memory free
5.93 Gb Paging File | 4.19 Gb Available in Paging File | 70.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.44 Gb Total Space | 238.40 Gb Free Space | 84.11% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/26 06:42:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/24 14:57:56 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2011/09/07 18:14:04 | 000,161,336 | ---- | M] (Google) -- C:\Users\owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/08/03 15:44:18 | 000,196,536 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe
PRC - [2011/08/03 15:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/08/18 11:58:14 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/30 00:08:34 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/09/24 16:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/09/15 20:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/08/19 23:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/08/17 12:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/08/12 17:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/06/24 15:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 13:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/18 18:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 23:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 06:42:32 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/26 06:42:29 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/24 16:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/09/15 20:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/06/15 13:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 20:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/17 14:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/08/03 15:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/08/18 11:58:14 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/03 15:27:28 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/19 16:04:00 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2009/12/30 00:08:22 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/11/03 19:33:44 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/10/29 01:54:29 | 000,692,736 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV:64bit: - [2009/10/15 04:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/14 23:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/04 20:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/02 21:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/01 17:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/08/23 00:08:07 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/08/06 16:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 04:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/09 03:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/18 15:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 20:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/12/08 20:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2011/03/18 11:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.c...t&ltmplcache=2"
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736


FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\owner\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/26 06:42:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/29 20:56:38 | 000,000,000 | ---D | M]

[2010/02/19 17:42:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2011/09/07 06:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\d6cx1l70.default\extensions
[2011/08/15 10:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/29 20:56:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/08/15 10:38:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/02/19 17:44:25 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D6CX1L70.DEFAULT\EXTENSIONS\[email protected]
[2011/10/26 06:42:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 06:42:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/27 14:26:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://doorway.lmu....ries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ECA7D80-6FA0-44B0-B1F5-331055DBF357}: DhcpNameServer = 10.61.32.1 1.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE870699-82E2-4008-9D8C-7DD8FA3526FF}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/13 06:50:22 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/13 06:50:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 06:50:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/13 06:50:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 06:50:16 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/13 06:50:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 06:50:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 06:50:15 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/13 06:50:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/12 20:20:27 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/12 20:20:27 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/12 20:20:26 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/12 20:20:26 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/12 20:19:50 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/12 20:19:50 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/10 13:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/10/10 13:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/10 13:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/10/09 20:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/09 20:00:11 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.51.2.1300(1).exe
[2011/10/09 19:55:44 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/10/09 19:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011/10/09 19:55:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2011/09/29 14:09:38 | 000,061,440 | ---- | C] ( ) -- C:\Users\owner\Desktop\VEW(1).exe
[2011/09/27 15:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/09/27 14:36:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/27 14:33:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/27 14:10:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/27 14:10:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/27 14:10:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/27 14:10:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/27 14:10:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2008/08/12 00:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/26 20:20:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/26 20:12:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3955990078-4111042486-1075932403-1001UA.job
[2011/10/26 20:11:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/26 14:04:02 | 000,002,014 | -H-- | M] () -- C:\Users\owner\Documents\Default.rdp
[2011/10/26 13:25:09 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/26 13:25:09 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/26 13:20:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/26 13:17:04 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/10/26 12:54:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3955990078-4111042486-1075932403-1001Core.job
[2011/10/26 06:43:36 | 000,002,058 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/26 06:42:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/13 13:20:54 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/13 13:20:54 | 000,624,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/13 13:20:54 | 000,106,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/13 07:43:54 | 000,001,435 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/10/13 07:24:05 | 000,342,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/10 14:16:34 | 000,028,559 | ---- | M] () -- C:\Users\owner\Desktop\4B5mpSXz.htm.part.htm
[2011/10/09 20:00:21 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\owner\Desktop\mbam-setup-1.51.2.1300(1).exe
[2011/10/09 19:56:41 | 000,001,013 | ---- | M] () -- C:\Users\owner\Desktop\SpeedFan.lnk
[2011/10/09 19:56:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2011/10/09 19:55:20 | 002,096,600 | ---- | M] () -- C:\Users\owner\Desktop\installspeedfan444.exe
[2011/10/05 21:14:44 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/29 14:09:38 | 000,061,440 | ---- | M] ( ) -- C:\Users\owner\Desktop\VEW(1).exe
[2011/09/28 06:59:45 | 000,018,432 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/27 14:49:11 | 000,000,512 | ---- | M] () -- C:\Users\owner\Desktop\MBR.dat
[2011/09/27 14:26:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/10 14:16:33 | 000,028,559 | ---- | C] () -- C:\Users\owner\Desktop\4B5mpSXz.htm.part.htm
[2011/10/09 19:55:54 | 000,001,013 | ---- | C] () -- C:\Users\owner\Desktop\SpeedFan.lnk
[2011/10/09 19:55:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2011/10/09 19:55:19 | 002,096,600 | ---- | C] () -- C:\Users\owner\Desktop\installspeedfan444.exe
[2011/09/27 14:49:11 | 000,000,512 | ---- | C] () -- C:\Users\owner\Desktop\MBR.dat
[2011/09/27 14:10:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/27 14:10:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/27 14:10:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/27 14:10:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/27 14:10:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/25 16:14:24 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2010/11/11 07:59:07 | 000,018,432 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/02/19 17:42:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/18 18:45:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/30 00:08:27 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/11/06 01:48:47 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/11/06 01:48:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/10/27 22:08:55 | 000,002,107 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini
[2009/08/19 03:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 03:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 00:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 13:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2009/01/10 03:17:25 | 000,000,641 | ---- | C] () -- C:\Windows\Remover.ini
[2008/05/22 11:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

< End of report >
  • 0

#28
BVB

BVB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL Extras logfile created on: 10/26/2011 8:29:24 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.97 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 45.37% Memory free
5.93 Gb Paging File | 4.19 Gb Available in Paging File | 70.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.44 Gb Total Space | 238.40 Gb Free Space | 84.11% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{48B0F24F-B828-4B1A-A22E-C65454B32A7A}" = Windows Live Family Safety
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Reimage Repair" = Reimage Repair

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS_Screensaver" = ASUS_Screensaver
"ASUSUSBDEVIC" = ASUS USB2.0 UVC VGA WebCam
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"SpeedFan" = SpeedFan (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/08/2011 10:39:56 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6557.5000, time
stamp: 0x4da3be27 Faulting module name: EXCEL.EXE, version: 12.0.6557.5000, time
stamp: 0x4da3be27 Exception code: 0xc0000005 Fault offset: 0x000132d6 Faulting process
id: 0xea8 Faulting application start time: 0x01cc6e4f1b4cddb1 Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: 003e26cf-da8d-11e0-9d39-e0cb4e642a13

Error - 09/09/2011 1:06:09 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6557.5000, time
stamp: 0x4da3be27 Faulting module name: EXCEL.EXE, version: 12.0.6557.5000, time
stamp: 0x4da3be27 Exception code: 0xc0000005 Fault offset: 0x00057f95 Faulting process
id: 0xea8 Faulting application start time: 0x01cc6e4f1b4cddb1 Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: 02dccc27-db06-11e0-9d39-e0cb4e642a13

Error - 09/15/2011 10:13:07 PM | Computer Name = owner-PC | Source = VSS | ID = 8193
Description =

Error - 09/17/2011 8:22:18 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x000132c6 Faulting process
id: 0x764 Faulting application start time: 0x01cc7532d7029c10 Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: aeea209e-e127-11e0-8d69-e0cb4e642a13

Error - 09/19/2011 2:09:18 PM | Computer Name = owner-PC | Source = VSS | ID = 8193
Description =

Error - 09/21/2011 8:25:25 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x000132c6 Faulting process
id: 0x95c Faulting application start time: 0x01cc785716540678 Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: c7b572c7-e44c-11e0-88b6-e0cb4e642a13

Error - 09/21/2011 12:24:51 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x0005afd9 Faulting process
id: 0x95c Faulting application start time: 0x01cc785716540678 Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: 3a675603-e46e-11e0-88b6-e0cb4e642a13

Error - 09/21/2011 12:48:14 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.3.0.120, time stamp:
0x4df89ed9 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0x0eedfade Fault offset: 0x0000b9bc Faulting process id:
0xd1c Faulting application start time: 0x01cc787de74a72bb Faulting application path:
C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 7f01a449-e471-11e0-88b6-e0cb4e642a13

Error - 09/21/2011 2:52:51 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x000132c6 Faulting process
id: 0xa8 Faulting application start time: 0x01cc78888b8528da Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: e76ce69c-e482-11e0-88b6-e0cb4e642a13

Error - 09/21/2011 2:53:00 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x00049949 Faulting process
id: 0xa8 Faulting application start time: 0x01cc78888b8528da Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: ed369d2e-e482-11e0-88b6-e0cb4e642a13

[ Cisco AnyConnect VPN Client Events ]
Error - 10/26/2011 2:50:19 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: CTlsTunnelMgr::OnTunnelReadComplete File: .\TunnelMgr.cpp
Line:
1118 Invoked Function: CTunnelStateMgr::readTunnel Return Code: -31522800 (0xFE1F0010)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN callback

Error - 10/26/2011 2:50:23 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

Error - 10/26/2011 2:50:29 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\Proxy\BrowserProxy.cpp
Line:
1025 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
cannot find the file specified.

Error - 10/26/2011 2:50:49 PM | Computer Name = owner-PC | Source = vpndownloader | ID = 67108866
Description = Function: CManifest::GetManifest File: .\Manifest.cpp Line: 236 Invoked
Function: CManifestInfo Return Code: 0 (0x00000000) Description: Failed to init CManifestInfo


Error - 10/26/2011 2:50:52 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67110872
Description = Failed Route change: Action: DelRoute Destination: 192.168.1.255 Netmask:
255.255.255.255 Gateway: 192.168.1.100 Interface: 192.168.1.100 Metric: 256

Error - 10/26/2011 2:50:52 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
244 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 10/26/2011 2:50:53 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

Error - 10/26/2011 3:05:33 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 23: Client PC is going into suspend mode (Sleep,
Hibernate, etc).

Error - 10/26/2011 7:26:06 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

Error - 10/26/2011 7:26:12 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\Proxy\BrowserProxy.cpp
Line:
1025 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
cannot find the file specified.

[ OSession Events ]
Error - 11/07/2010 10:47:42 AM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/11/2010 4:47:52 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31176
seconds with 360 seconds of active time. This session ended with a crash.

Error - 01/13/2011 11:15:36 AM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 325
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/24/2011 7:28:49 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5551
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/21/2011 10:47:25 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 52653
seconds with 120 seconds of active time. This session ended with a crash.

Error - 05/24/2011 7:54:46 AM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 136917
seconds with 60 seconds of active time. This session ended with a crash.

Error - 08/26/2011 11:36:05 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228586
seconds with 420 seconds of active time. This session ended with a crash.

Error - 09/09/2011 1:06:08 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 84035
seconds with 600 seconds of active time. This session ended with a crash.

Error - 09/21/2011 12:24:39 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 15407
seconds with 120 seconds of active time. This session ended with a crash.

Error - 09/21/2011 2:52:58 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3064
seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/09/2011 4:05:36 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The FlipShare Service service failed to start due to the following
error: %%1053

Error - 10/14/2011 7:32:48 AM | Computer Name = owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :20" could not be registered on the interface
with IP address 10.0.180.47. The computer with the IP address 157.242.48.11 did
not allow the name to be claimed by this computer.

Error - 10/14/2011 7:32:53 AM | Computer Name = owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 10.0.180.47. The computer with the IP address 157.242.48.11 did
not allow the name to be claimed by this computer.

Error - 10/16/2011 1:06:50 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
Security Center Service service to connect.

Error - 10/16/2011 1:06:50 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053

Error - 10/26/2011 2:15:17 PM | Computer Name = owner-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "00059A3C7A00" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 10/26/2011 2:15:17 PM | Computer Name = owner-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "00059A3C7A00" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 10/26/2011 2:17:34 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
Security Center Service service to connect.

Error - 10/26/2011 2:17:34 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053

Error - 10/26/2011 2:19:09 PM | Computer Name = owner-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >
  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,007 posts
  • MVP
Spybot - Search & Destroy is having problems. I would uninstall it. Your Cisco VPN doesn't look too happy either. There is also some confusion with your PC's name. Possibly you have both a wireless and a wired connection running at the same time?

I don't see any signs of malware as such but you can run Combofix again if you like. Remember to pause the antivirus.

Ron
  • 0

#30
BVB

BVB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL Extras logfile created on: 10/26/2011 8:29:24 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.97 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 45.37% Memory free
5.93 Gb Paging File | 4.19 Gb Available in Paging File | 70.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.44 Gb Total Space | 238.40 Gb Free Space | 84.11% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{48B0F24F-B828-4B1A-A22E-C65454B32A7A}" = Windows Live Family Safety
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Reimage Repair" = Reimage Repair

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS_Screensaver" = ASUS_Screensaver
"ASUSUSBDEVIC" = ASUS USB2.0 UVC VGA WebCam
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"SpeedFan" = SpeedFan (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/08/2011 10:39:56 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6557.5000, time
stamp: 0x4da3be27 Faulting module name: EXCEL.EXE, version: 12.0.6557.5000, time
stamp: 0x4da3be27 Exception code: 0xc0000005 Fault offset: 0x000132d6 Faulting process
id: 0xea8 Faulting application start time: 0x01cc6e4f1b4cddb1 Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: 003e26cf-da8d-11e0-9d39-e0cb4e642a13

Error - 09/09/2011 1:06:09 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6557.5000, time
stamp: 0x4da3be27 Faulting module name: EXCEL.EXE, version: 12.0.6557.5000, time
stamp: 0x4da3be27 Exception code: 0xc0000005 Fault offset: 0x00057f95 Faulting process
id: 0xea8 Faulting application start time: 0x01cc6e4f1b4cddb1 Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: 02dccc27-db06-11e0-9d39-e0cb4e642a13

Error - 09/15/2011 10:13:07 PM | Computer Name = owner-PC | Source = VSS | ID = 8193
Description =

Error - 09/17/2011 8:22:18 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x000132c6 Faulting process
id: 0x764 Faulting application start time: 0x01cc7532d7029c10 Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: aeea209e-e127-11e0-8d69-e0cb4e642a13

Error - 09/19/2011 2:09:18 PM | Computer Name = owner-PC | Source = VSS | ID = 8193
Description =

Error - 09/21/2011 8:25:25 AM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x000132c6 Faulting process
id: 0x95c Faulting application start time: 0x01cc785716540678 Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: c7b572c7-e44c-11e0-88b6-e0cb4e642a13

Error - 09/21/2011 12:24:51 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x0005afd9 Faulting process
id: 0x95c Faulting application start time: 0x01cc785716540678 Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: 3a675603-e46e-11e0-88b6-e0cb4e642a13

Error - 09/21/2011 12:48:14 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.3.0.120, time stamp:
0x4df89ed9 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0x0eedfade Fault offset: 0x0000b9bc Faulting process id:
0xd1c Faulting application start time: 0x01cc787de74a72bb Faulting application path:
C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 7f01a449-e471-11e0-88b6-e0cb4e642a13

Error - 09/21/2011 2:52:51 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x000132c6 Faulting process
id: 0xa8 Faulting application start time: 0x01cc78888b8528da Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: e76ce69c-e482-11e0-88b6-e0cb4e642a13

Error - 09/21/2011 2:53:00 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Faulting module name: EXCEL.EXE, version: 12.0.6565.5003, time
stamp: 0x4e5fe1a6 Exception code: 0xc0000005 Fault offset: 0x00049949 Faulting process
id: 0xa8 Faulting application start time: 0x01cc78888b8528da Faulting application
path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE Faulting module path: C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
Report
Id: ed369d2e-e482-11e0-88b6-e0cb4e642a13

[ Cisco AnyConnect VPN Client Events ]
Error - 10/26/2011 2:50:19 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: CTlsTunnelMgr::OnTunnelReadComplete File: .\TunnelMgr.cpp
Line:
1118 Invoked Function: CTunnelStateMgr::readTunnel Return Code: -31522800 (0xFE1F0010)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN callback

Error - 10/26/2011 2:50:23 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

Error - 10/26/2011 2:50:29 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\Proxy\BrowserProxy.cpp
Line:
1025 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
cannot find the file specified.

Error - 10/26/2011 2:50:49 PM | Computer Name = owner-PC | Source = vpndownloader | ID = 67108866
Description = Function: CManifest::GetManifest File: .\Manifest.cpp Line: 236 Invoked
Function: CManifestInfo Return Code: 0 (0x00000000) Description: Failed to init CManifestInfo


Error - 10/26/2011 2:50:52 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67110872
Description = Failed Route change: Action: DelRoute Destination: 192.168.1.255 Netmask:
255.255.255.255 Gateway: 192.168.1.100 Interface: 192.168.1.100 Metric: 256

Error - 10/26/2011 2:50:52 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp
Line:
244 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 10/26/2011 2:50:53 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

Error - 10/26/2011 3:05:33 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 23: Client PC is going into suspend mode (Sleep,
Hibernate, etc).

Error - 10/26/2011 7:26:06 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
No such file or directory

Error - 10/26/2011 7:26:12 PM | Computer Name = owner-PC | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\Proxy\BrowserProxy.cpp
Line:
1025 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
cannot find the file specified.

[ OSession Events ]
Error - 11/07/2010 10:47:42 AM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/11/2010 4:47:52 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31176
seconds with 360 seconds of active time. This session ended with a crash.

Error - 01/13/2011 11:15:36 AM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 325
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/24/2011 7:28:49 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5551
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/21/2011 10:47:25 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 52653
seconds with 120 seconds of active time. This session ended with a crash.

Error - 05/24/2011 7:54:46 AM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 136917
seconds with 60 seconds of active time. This session ended with a crash.

Error - 08/26/2011 11:36:05 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228586
seconds with 420 seconds of active time. This session ended with a crash.

Error - 09/09/2011 1:06:08 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 84035
seconds with 600 seconds of active time. This session ended with a crash.

Error - 09/21/2011 12:24:39 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 15407
seconds with 120 seconds of active time. This session ended with a crash.

Error - 09/21/2011 2:52:58 PM | Computer Name = owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3064
seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/09/2011 4:05:36 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The FlipShare Service service failed to start due to the following
error: %%1053

Error - 10/14/2011 7:32:48 AM | Computer Name = owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :20" could not be registered on the interface
with IP address 10.0.180.47. The computer with the IP address 157.242.48.11 did
not allow the name to be claimed by this computer.

Error - 10/14/2011 7:32:53 AM | Computer Name = owner-PC | Source = NetBT | ID = 4321
Description = The name "OWNER-PC :0" could not be registered on the interface
with IP address 10.0.180.47. The computer with the IP address 157.242.48.11 did
not allow the name to be claimed by this computer.

Error - 10/16/2011 1:06:50 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
Security Center Service service to connect.

Error - 10/16/2011 1:06:50 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053

Error - 10/26/2011 2:15:17 PM | Computer Name = owner-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "00059A3C7A00" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 10/26/2011 2:15:17 PM | Computer Name = owner-PC | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.
Use
the string "00059A3C7A00" to identify the interface for which initialization failed.
It represents the MAC address of the failed interface or the Globally Unique Interface
Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither
the MAC address nor the GUID were available, the string represents a cluster device
name.

Error - 10/26/2011 2:17:34 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SBSD
Security Center Service service to connect.

Error - 10/26/2011 2:17:34 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description = The SBSD Security Center Service service failed to start due to the
following error: %%1053

Error - 10/26/2011 2:19:09 PM | Computer Name = owner-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP