Computer slow & other misc. problems



#1
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
*Sigh* Should have known I'd end up here eventually with all the searching I do looking for malware. I've been crazy busy with school the last couple of months & barely balancing GeekU with it. I have noticed that simple things like moving Microsoft Word documents from folder to folder take minutes, not seconds like they used to. My wireless internet connection, which I used to have no problems with, drops several times a day.

I finally got the time to start checking into things. Microsoft Security Essentials scans (done every 48 hours) showed nothing in the history, and Malwarebytes scans clean. I did however find that my Automatic Updates had stopped. By renaming the SoftwareDistribution folder to SDTemp I was able to get them started again and have spent the last day getting the 40+ updates on my computer I had missed. (How in the world I didn't notice my computer wasn't updating is beyond me.) The only updates that wouldn't work were the updates for Microsoft Security Essentials, which REALLY bothered me. I downloaded Avira, scanned and it was clean. I can't get MSE off my computer; the uninstall fails every time. :) Even with all the clean scans, running CCleaner and all the updates caught up, things are still the same...makes me wonder if something is lurking there, so I'm posting my log.

On another note...none of these problems started until after my husband started using my laptop and we added Skype. I did find that he or one of the kids had installed a NO NO program (uTorrent) and had my rant about it and removed it, but no one claims to have used it. :) Guess that's what I get for letting others use my computer. Nothing on the logs jumps out at me, but I haven't gone through it line for line and I don't want to screw my computer up. I'm not that brave...yet! :yes:

OTL logfile created on: 11/19/2011 9:16:35 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Destiny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 33.76% Memory free
3.66 Gb Paging File | 2.05 Gb Available in Paging File | 55.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 109.38 Gb Free Space | 50.00% Space Free | Partition Type: NTFS

Computer Name: DESTINY_LAPTOP | User Name: Destiny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/19 21:14:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Destiny\Desktop\OTL.exe
PRC - [2011/11/17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Destiny\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/11/07 14:04:52 | 000,313,160 | ---- | M] (Smilebox, Inc.) -- C:\Users\Destiny\AppData\Roaming\Smilebox\SmileboxTray.exe
PRC - [2011/10/25 09:10:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 16:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/20 06:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/10/20 17:41:22 | 000,067,904 | -H-- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2010/07/04 13:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/08 17:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/03/03 07:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 07:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 07:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/02/01 12:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 11:47:44 | 000,206,208 | -H-- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/01/09 10:40:26 | 000,942,592 | ---- | M] (Audiovox Electronics Corp.) -- C:\Users\Destiny\My Documents\RCA Detective\RCADetective.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/11/22 11:49:08 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/25 09:10:53 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/17 06:45:03 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010/07/04 15:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 13:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2010/01/13 11:47:44 | 000,206,208 | -H-- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/05/20 00:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/17 07:30:54 | 000,094,480 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/11/11 13:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/17 08:17:08 | 000,202,752 | -H-- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 21:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/05/25 08:42:22 | 000,034,224 | -H-- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV:64bit: - [2007/05/25 08:42:12 | 000,567,216 | -H-- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxddcoms.exe -- (lxdd_device)
SRV - [2011/11/19 18:29:18 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/06 14:06:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/20 17:41:22 | 000,067,904 | -H-- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 17:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 07:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/19 16:56:50 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/19 16:56:49 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/10/19 16:56:49 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/06/17 07:30:50 | 000,154,752 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 20:25:38 | 000,072,064 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/03/20 12:59:08 | 000,321,064 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/03/17 16:48:58 | 002,212,352 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/17 11:24:24 | 006,405,120 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/17 07:21:18 | 000,188,928 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/08 07:57:22 | 000,239,136 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 05:25:10 | 000,301,104 | -H-- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 01:01:24 | 000,213,280 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 03:55:32 | 000,016,440 | -H-- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:36 | 000,867,328 | -H-- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | -H-- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | -H-- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | -H-- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 02:46:08 | 000,018,432 | -H-- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 02:46:08 | 000,016,896 | -H-- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2010/12/18 05:03:58 | 000,025,280 | -H-- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 17:35:44 | 000,255,552 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...h4z195t45k2n299
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...h4z195t45k2n299
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Inbox.com Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/27 14:45:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/02 13:21:40 | 000,000,000 | ---D | M]

[2010/07/27 17:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Destiny\AppData\Roaming\Mozilla\Extensions
[2011/11/19 21:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\extensions
[2011/10/25 21:52:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/20 15:26:23 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/12/06 20:20:22 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\extensions\[email protected]
[2010/12/17 18:23:32 | 000,000,863 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\searchplugins\conduit.xml
[2010/10/30 13:50:36 | 000,001,463 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\searchplugins\crawlersrch.xml
[2011/05/18 08:10:04 | 000,001,635 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\searchplugins\firefox-add-ons.xml
[2010/09/13 21:47:37 | 000,001,594 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\searchplugins\web-search.xml
[2011/11/01 23:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 16:43:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/08/09 16:33:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/07 15:44:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/10 17:54:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/01 07:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/11/01 23:09:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\DESTINY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X9ENCOYA.DEFAULT\EXTENSIONS\{27C60876-B5C9-4335-B4F3-52B26782220C}.XPI
() (No name found) -- C:\USERS\DESTINY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X9ENCOYA.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\DESTINY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X9ENCOYA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/25 09:10:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/01 23:08:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/25 09:10:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.218\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.218\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.218\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2010/09/13 21:44:56 | 000,000,911 | -H-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Destiny\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A286DF1-A27D-42D7-BE68-9DFFEF4B7789}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42DA7E57-BA43-4216-9C1F-15C39A4F0A6B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/19 21:13:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Destiny\Desktop\OTL.exe
[2011/11/19 20:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/11/19 20:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/19 19:26:54 | 000,000,000 | ---D | C] -- C:\Users\Destiny\Desktop\Playlists
[2011/11/19 12:34:04 | 000,000,000 | ---D | C] -- C:\Users\Destiny\Desktop\Gracie Community Service Project Pictures
[2011/11/17 21:30:58 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Avira
[2011/11/17 20:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/11/17 20:44:26 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/11/17 20:44:26 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/11/17 20:44:26 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/11/17 20:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/11/17 20:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/11/17 20:27:54 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2011/11/17 19:01:08 | 000,000,000 | ---D | C] -- C:\Windows\TempA15C60A7-B1BC-57C4-65E0-BBA546F200C4-Signatures
[2011/11/17 18:32:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/11/17 17:49:33 | 000,000,000 | ---D | C] -- C:\Windows\TempBBE37D1D-C6EE-F943-B395-87A003CAF374-Signatures
[2011/11/10 23:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/09 17:55:30 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Local\Akamai
[2011/11/04 20:11:33 | 000,000,000 | ---D | C] -- C:\Windows\TempF530868F-ED21-E08F-F66D-3E1C558F5856-Signatures
[2011/11/04 19:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/11/04 19:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
[2011/11/04 18:08:39 | 000,000,000 | ---D | C] -- C:\Users\Destiny\Desktop\MCAT INFO
[2011/11/01 23:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/27 14:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/19 21:14:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Destiny\Desktop\OTL.exe
[2011/11/19 21:05:39 | 000,071,244 | ---- | M] () -- C:\Users\Destiny\Documents\cc_20111119_210525.reg
[2011/11/19 20:59:21 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/19 20:36:41 | 000,000,898 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/19 20:19:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/19 16:13:34 | 000,000,894 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/19 12:03:54 | 000,001,540 | -H-- | M] () -- C:\Windows\Sandboxie.ini
[2011/11/18 07:18:05 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 07:18:05 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/18 07:09:18 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/17 20:44:43 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/11/17 17:30:39 | 005,009,960 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/16 16:16:13 | 000,017,950 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\wklnhst.dat
[2011/11/10 17:43:15 | 000,581,650 | ---- | M] () -- C:\Users\Destiny\Desktop\certificate-fih.pdf
[2011/11/04 19:31:44 | 000,001,332 | ---- | M] () -- C:\reset.cmd
[2011/10/27 14:45:34 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/25 09:11:29 | 000,002,016 | ---- | M] () -- C:\Users\Destiny\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/21 12:44:58 | 000,001,097 | ---- | M] () -- C:\Users\Destiny\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/21 12:44:58 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/19 21:05:30 | 000,071,244 | ---- | C] () -- C:\Users\Destiny\Documents\cc_20111119_210525.reg
[2011/11/19 20:59:21 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/17 20:44:43 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/11/10 17:43:15 | 000,581,650 | ---- | C] () -- C:\Users\Destiny\Desktop\certificate-fih.pdf
[2011/11/04 19:25:05 | 000,001,332 | ---- | C] () -- C:\reset.cmd
[2011/10/27 14:45:34 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/09/24 17:40:30 | 000,003,584 | ---- | C] () -- C:\Users\Destiny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 09:53:40 | 000,000,000 | ---- | C] () -- C:\Windows\DVM.INI
[2011/07/18 18:35:22 | 000,045,056 | -H-- | C] () -- C:\Windows\strings.exe
[2011/07/14 13:22:37 | 000,001,540 | -H-- | C] () -- C:\Windows\Sandboxie.ini
[2011/07/06 08:37:37 | 000,000,000 | ---- | C] () -- C:\Users\Destiny\AppData\Local\{0079864C-5CDA-4D9A-BF33-A93C0B9AA0E2}
[2011/04/14 18:22:05 | 000,743,534 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/08 12:40:21 | 000,000,031 | -H-- | C] () -- C:\Windows\QUICKEN.INI
[2011/01/20 20:21:32 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/29 09:31:39 | 000,017,950 | ---- | C] () -- C:\Users\Destiny\AppData\Roaming\wklnhst.dat
[2010/07/28 09:36:56 | 000,000,346 | -H-- | C] () -- C:\Windows\wininit.ini
[2010/07/27 17:16:21 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010/04/28 15:14:59 | 000,632,056 | -H-- | C] () -- C:\Windows\Image.dll
[2010/04/28 15:14:59 | 000,206,208 | -H-- | C] () -- C:\Windows\PLFSetI.exe
[2010/04/28 15:14:59 | 000,025,848 | -H-- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/04/28 15:14:59 | 000,000,637 | -H-- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/04/28 15:14:59 | 000,000,378 | -H-- | C] () -- C:\Windows\PidList.ini
[2010/04/28 15:11:05 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/02 01:55:20 | 000,001,116 | -H-- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/09/16 18:27:58 | 000,508,224 | -H-- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/02 09:22:38 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Any DVD Shrink
[2010/12/09 17:46:11 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Downloaded Installations
[2011/07/02 12:33:31 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\ImgBurn
[2010/11/14 00:07:48 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Lexmark Productivity Studio
[2011/06/03 19:06:18 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\LockHunter
[2010/12/15 14:54:51 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Millennia
[2010/11/27 22:59:17 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\MudCreek
[2010/10/20 12:51:03 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\NCH Swift Sound
[2010/12/10 16:00:26 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Nitro PDF
[2011/06/14 19:02:08 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\OpenOffice.org
[2011/11/10 21:35:07 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Smilebox
[2010/08/23 09:36:42 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/25 20:54:23 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\Template
[2010/09/13 23:44:15 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\ThePluginSite
[2011/11/19 21:08:40 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\uTorrent
[2010/11/03 16:46:01 | 000,000,000 | ---D | M] -- C:\Users\Destiny\AppData\Roaming\W Photo Studio Viewer
[2011/08/29 09:57:48 | 000,032,528 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:264B2CC4
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8B2A99C5

< End of report >

OTL Extras logfile created on: 11/19/2011 9:16:35 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Destiny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 33.76% Memory free
3.66 Gb Paging File | 2.05 Gb Available in Paging File | 55.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 109.38 Gb Free Space | 50.00% Space Free | Partition Type: NTFS

Computer Name: DESTINY_LAPTOP | User Name: Destiny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{42281103-DF49-8A45-C960-977096F29F45}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7A23D2C6-6FF9-EBAD-73E2-4717BB08983F}" = ATI Catalyst Install Manager
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DVDFab 8 Qt Retail_is1" = DVDFab 8.0.9.8 (08/06/2011) Qt
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Sandboxie" = Sandboxie 3.56 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15424D99-B708-54FD-94EC-997BE1976918}" = CCC Help Japanese
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1DCEE28F-CEDA-ADBA-DE41-1377ADD42DD3}" = CCC Help Finnish
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2552055A-7121-346E-F287-C0E7CC1BB36E}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{327AD686-FD94-F270-C0C9-D379ACC3CCA3}" = CCC Help Russian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3CABCB73-0ABE-9578-A11C-6888ECF5D6D7}" = CCC Help Portuguese
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3DCF232A-B152-4375-B840-F19D866A316D}" = Catalyst Control Center Graphics Full New
"{3F34DE3B-887D-72A9-FCFE-2676B2EDBE67}" = CCC Help Thai
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B30D670-AA94-3DAC-965D-CA8FED631DA3}" = Catalyst Control Center Graphics Previews Common
"{5F65AB3C-FCF3-E10B-3203-26F3C133F036}" = CCC Help Chinese Standard
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64CFDAC9-C358-88FE-E0E3-B33ED5C8AB2C}" = CCC Help Norwegian
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{702A9675-C93C-6914-7B90-8056525349A7}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7661AFE4-1F7A-8B5C-D395-3A8B682F106A}" = CCC Help Korean
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{77D3B22B-CB40-19AE-5A7D-9256E9862010}" = Catalyst Control Center Core Implementation
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A555AD4-057E-EB0B-3C2D-82658AA1B190}" = CCC Help English
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81FC1368-171E-4151-E3E1-D63C8CF1F150}" = CCC Help Polish
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85DD738D-6572-53AA-E570-50D0D0842722}" = Catalyst Control Center Graphics Full Existing
"{86141D3B-58F6-D4E9-809E-05032F1C09BE}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97DA45B6-451C-A4B8-897F-106E2B3B6E2F}" = CCC Help Dutch
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A26840C5-95D5-BB10-700A-304AA9F4AF92}" = CCC Help Greek
"{A385939C-3DE9-5568-D8B0-3972BA293DC7}" = CCC Help German
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B284EA3C-8391-5648-BFC4-800A44D01ADA}" = ccc-core-static
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2F1B278-B685-1112-F051-AD05C5946C0D}" = CCC Help French
"{B3A0945A-1A84-BD5C-D33A-F4DC811FCCCC}" = CCC Help Chinese Traditional
"{B4060669-4633-038A-8A50-E05D1F54929E}" = CCC Help Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC171806-3828-33E5-289C-9609C5BC59DF}" = Catalyst Control Center Localization All
"{BDE26FB2-E880-BFF9-3A85-18D70FC44D8D}" = Catalyst Control Center InstallProxy
"{C31501D8-8267-A455-D269-85FBDBE2BFC3}" = CCC Help Italian
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75A193A-D403-5707-7D32-166DF4EA47DD}" = CCC Help Spanish
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4905980-7A59-8CE0-1336-EBC0338DAC1B}" = CCC Help Hungarian
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F98098D2-8822-1B1D-6771-945669046216}" = CCC Help Danish
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Blueline_is1" = Blueline 1.1.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Guild Wars" = Guild Wars
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"KeyNote_is1" = KeyNote 1.6.5
"LManager" = Launch Manager
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Office14.SingleImage" = Microsoft Office Professional 2010
"Picasa 3" = Picasa 3
"RCA Detective™_is1" = RCA Detective™ 2.0.0.99
"RCA Digital Voice Manager_is1" = RCA Digital Voice Manager 5.1.1.2
"SpeedFan" = SpeedFan (remove only)
"Unlocker" = Unlocker 1.9.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/19/2011 9:47:10 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/19/2011 9:47:10 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13244

Error - 11/19/2011 9:47:10 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13244

Error - 11/19/2011 10:32:12 PM | Computer Name = Destiny_Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: ipmGui.exe, version: 12.1.0.19, time stamp:
0x4e9bffe2 Faulting module name: ieframe.dll, version: 9.0.8112.16437, time stamp:
0x4e5eeecc Exception code: 0xc0000006 Fault offset: 0x000f8294 Faulting process id:
0x6ec Faulting application start time: 0x01cca72c3ada77f6 Faulting application path:
c:\program files (x86)\avira\antivir desktop\ipmGui.exe Faulting module path: C:\Windows\SysWOW64\ieframe.dll
Report
Id: d9e397f4-131f-11e1-85a8-fa7bcb73f745

Error - 11/19/2011 10:32:12 PM | Computer Name = Destiny_Laptop | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\SysWOW64\ieframe.dll for
one of the following reasons: there is a problem with the network connection, the
disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Avira In Product Messaging because
of this error. Program: Avira In Product Messaging File: C:\Windows\SysWOW64\ieframe.dll

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your
network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000185 Disk
type: 3

Error - 11/19/2011 11:08:05 PM | Computer Name = Destiny_Laptop | Source = MsiInstaller | ID = 10005
Description =

Error - 11/19/2011 11:08:05 PM | Computer Name = Destiny_Laptop | Source = Microsoft-Windows-LoadPerf | ID = 3013
Description = Unable to update the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the error code.

Error - 11/19/2011 11:08:05 PM | Computer Name = Destiny_Laptop | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service Network Inspection
System (Network Inspection System) failed. The first DWORD in the Data section
contains the error code.

Error - 11/19/2011 11:08:13 PM | Computer Name = Destiny_Laptop | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete uninstall wizard. An
error has prevented the Security Essentials Uninstall Wizard from continuing. Please
restart your computer and try again. Error code:0x80070643. Fatal error during
installation.

Error - 11/19/2011 11:08:44 PM | Computer Name = Destiny_Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 10/5/2010 11:25:36 AM | Computer Name = Destiny_Laptop | Source = MCUpdate | ID = 0
Description = 10:25:36 AM - Error connecting to the internet. 10:25:36 AM - Unable
to contact server..

Error - 8/21/2011 2:43:51 PM | Computer Name = Destiny_Laptop | Source = MCUpdate | ID = 0
Description = 1:43:27 PM - Failed to retrieve MCESpotlight (Error: The operation
has timed out)

Error - 10/11/2011 9:22:32 AM | Computer Name = Destiny_Laptop | Source = MCUpdate | ID = 0
Description = 8:22:09 AM - Error connecting to the internet. 8:22:10 AM - Unable
to contact server..

[ System Events ]
Error - 11/19/2011 10:25:35 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/19/2011 10:25:35 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/19/2011 10:25:35 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/19/2011 10:25:35 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/19/2011 10:25:35 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/19/2011 10:26:25 PM | Computer Name = Destiny_Laptop | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 11/19/2011 10:26:55 PM | Computer Name = Destiny_Laptop | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 11/19/2011 11:14:13 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/19/2011 11:14:13 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/19/2011 11:14:13 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP

The driver detected a controller error on \Device\Ide\IdePort0.


Not a good sign. I suppose it could be an infection so let's run Combofix, TDSSKiller and aswMBR and see if we get lucky.


ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

I think you should also run a disk check.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
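An added example, not part of RKinner's post or of any tool named in this thread: a Python parser for the "Last 10 Event Log Errors" layout shown in post #1 that normalizes the event IDs and collects the entries pointing at storage I/O trouble, the pattern behind the controller-error line quoted above. The function names and the list of storage-related sources are assumptions of this example; the sample entries are excerpted from the posted log.

```python
import re
from collections import Counter
from datetime import datetime

# Entries excerpted from the "Last 10 Event Log Errors" section of the log in
# post #1; long descriptions are shortened with "[...]" for this example.
SAMPLE = r"""
[ Application Events ]
Error - 11/19/2011 10:32:12 PM | Computer Name = Destiny_Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: ipmGui.exe, version: 12.1.0.19, time stamp:
0x4e9bffe2 Faulting module name: ieframe.dll [...] Exception code: 0xc0000006 Fault offset: 0x000f8294

Error - 11/19/2011 10:32:12 PM | Computer Name = Destiny_Laptop | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\SysWOW64\ieframe.dll for
one of the following reasons: [...]

The
error value is listed in the Additional Data section. [...] Additional Data Error value: C0000185 Disk
type: 3

Error - 11/19/2011 11:08:44 PM | Computer Name = Destiny_Laptop | Source = SideBySide | ID = 16842785
Description = Activation context generation failed [...]

[ System Events ]
Error - 11/19/2011 10:25:35 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/19/2011 10:25:35 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/19/2011 10:25:35 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/19/2011 11:14:13 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/19/2011 11:14:13 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
"""

CHANNEL = re.compile(r"^\[ (?P<name>.+?) \]$")
HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>[^|]+?)"
    r" \| Source = (?P<source>[^|]+?)"
    r" \| ID = (?P<raw_id>\d+)$"
)

# Assumption of this example: event sources treated as storage-related.
STORAGE_SOURCES = {"atapi", "disk", "ntfs"}
# NTSTATUS values that indicate a failed read from the backing device.
STORAGE_STATUS = {
    "c0000006": "STATUS_IN_PAGE_ERROR",
    "c0000185": "STATUS_IO_DEVICE_ERROR",
}
STATUS_RE = re.compile(r"\b(?:0x)?(c0000006|c0000185)\b", re.IGNORECASE)


def parse_events(text):
    """Turn the report text into a list of event dicts."""
    events, channel, current = [], None, None
    for line in text.splitlines():
        line = line.strip()
        m = CHANNEL.match(line)
        if m:
            channel, current = m.group("name"), None
            continue
        m = HEADER.match(line)
        if m:
            raw = int(m.group("raw_id"))
            current = {
                "channel": channel,
                "time": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
                "source": m.group("source"),
                "raw_id": raw,
                # The log shows the full identifier (262155 for atapi); the low
                # 16 bits are the event code Event Viewer displays (11).
                "event_id": raw & 0xFFFF,
                "description": "",
            }
            events.append(current)
        elif current is not None and line:
            # Descriptions wrap over several lines, sometimes across a blank one.
            part = line[len("Description ="):] if line.startswith("Description =") else line
            current["description"] = (current["description"] + " " + part.strip()).strip()
    return events


def triage_storage(events):
    """Summarize the entries that suggest disk, cable or controller faults."""
    driver = [e for e in events if e["source"].lower() in STORAGE_SOURCES]
    per_second = Counter(e["time"] for e in driver)
    statuses = {STORAGE_STATUS[c.lower()]
                for e in events for c in STATUS_RE.findall(e["description"])}
    return {
        "driver_errors": Counter((e["source"], e["event_id"]) for e in driver),
        "max_burst": max(per_second.values(), default=0),
        "status_codes": sorted(statuses),
        "suspect_storage": bool(driver) and bool(statuses),
    }


if __name__ == "__main__":
    print(triage_storage(parse_events(SAMPLE)))
```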

#3
Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
Here are the Combofix and TDSSKiller logs; aswMBR keeps freezing at the same point. :( I'm posting these, then going to move on to the checkdisk.

Destiny

ComboFix 11-11-20.01 - Destiny 11/20/2011 9:31.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.798 [GMT -6:00]
Running from: c:\users\Destiny\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL18FD.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-20 to 2011-11-20 )))))))))))))))))))))))))))))))
.
.
2011-11-20 15:48 . 2011-11-20 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-20 02:59 . 2011-11-20 02:59 -------- d-----w- c:\program files\CCleaner
2011-11-18 13:18 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17E85C20-C1F3-4A60-8C54-01A7D08FE1E2}\mpengine.dll
2011-11-18 03:30 . 2011-11-18 03:30 -------- d-----w- c:\users\Destiny\AppData\Roaming\Avira
2011-11-18 02:44 . 2011-10-19 22:56 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-18 02:44 . 2011-10-19 22:56 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-18 02:44 . 2011-10-19 22:56 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-18 02:44 . 2011-11-18 02:44 -------- d-----w- c:\programdata\Avira
2011-11-18 02:44 . 2011-11-18 02:44 -------- d-----w- c:\program files (x86)\Avira
2011-11-18 02:27 . 2011-11-18 02:28 -------- d-----w- C:\WINSSLog
2011-11-18 02:10 . 2011-11-18 01:45 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C16F54CF-76F1-477F-9037-DB29C8C9AB81}\gapaengine.dll
2011-11-18 01:58 . 2011-11-18 01:45 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E9C1676-9694-49E0-B795-39373BFF5062}\gapaengine.dll
2011-11-18 01:45 . 2011-10-07 03:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{968A63E2-1229-4EDF-88F9-EE96DDC0A271}\mpengine.dll
2011-11-18 01:45 . 2011-11-18 01:45 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\gapaengine.dll
2011-11-18 01:45 . 2011-10-07 03:16 8570192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-11-18 01:01 . 2011-11-18 01:01 -------- d-----w- c:\windows\TempA15C60A7-B1BC-57C4-65E0-BBA546F200C4-Signatures
2011-11-18 00:42 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-18 00:40 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-11-18 00:39 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-18 00:39 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-11-17 23:49 . 2011-11-17 23:49 -------- d-----w- c:\windows\TempBBE37D1D-C6EE-F943-B395-87A003CAF374-Signatures
2011-11-17 23:33 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-17 23:33 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-17 23:27 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 22:51 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-17 22:28 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-17 22:28 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-17 22:28 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-11-17 22:28 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-11-17 21:54 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-11-17 21:54 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-11-17 21:54 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-17 21:54 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-11-09 23:55 . 2011-11-18 05:42 -------- d-----w- c:\users\Destiny\AppData\Local\Akamai
2011-11-05 02:11 . 2011-11-05 02:11 -------- d-----w- c:\windows\TempF530868F-ED21-E08F-F66D-3E1C558F5856-Signatures
2011-11-05 01:25 . 2011-11-05 01:31 1332 ----a-w- C:\reset.cmd
2011-11-05 01:21 . 2011-11-05 01:21 -------- d-----w- c:\program files (x86)\Windows Resource Kits
2011-11-02 05:09 . 2011-11-02 05:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-02 05:09 . 2011-11-02 05:08 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-11-02 05:09 . 2011-11-02 05:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-20 15:58 . 2011-11-20 15:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17E85C20-C1F3-4A60-8C54-01A7D08FE1E2}\offreg.dll
2011-11-20 01:13 . 2011-07-29 03:55 746728 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-18 01:45 . 2011-05-21 15:04 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-09-24 23:59 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-31 04:05 . 2011-08-31 04:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 04:05 . 2011-08-31 04:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 04:05 . 2011-08-31 04:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 04:05 . 2011-08-31 04:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-31 04:05 . 2011-08-31 04:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-28 23:10 . 2011-04-30 12:45 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2011-08-28 23:10 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 604432]
"Akamai NetSession Interface"="c:\users\Destiny\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
.
c:\users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-12-7 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-06 865824]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [x]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-10-20 67904]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 23:01]
.
2011-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 23:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"combofix"="c:\combofix\CF21816.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbcbc87&v=6.010.023.001&i=23&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3404613540-165053731-2675042022-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3404613540-165053731-2675042022-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2011-11-20 10:13:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-20 16:13
.
Pre-Run: 116,776,652,800 bytes free
Post-Run: 116,534,902,784 bytes free
.
- - End Of File - - 33F4067E06729E059A572E5636579DD5


10:33:21.0159 2528 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
10:33:23.0171 2528 ============================================================
10:33:23.0171 2528 Current date / time: 2011/11/20 10:33:23.0171
10:33:23.0171 2528 SystemInfo:
10:33:23.0171 2528
10:33:23.0171 2528 OS Version: 6.1.7601 ServicePack: 1.0
10:33:23.0171 2528 Product type: Workstation
10:33:23.0171 2528 ComputerName: DESTINY_LAPTOP
10:33:23.0171 2528 UserName: Destiny
10:33:23.0171 2528 Windows directory: C:\Windows
10:33:23.0171 2528 System windows directory: C:\Windows
10:33:23.0171 2528 Running under WOW64
10:33:23.0171 2528 Processor architecture: Intel x64
10:33:23.0171 2528 Number of processors: 1
10:33:23.0171 2528 Page size: 0x1000
10:33:23.0171 2528 Boot type: Normal boot
10:33:23.0171 2528 ============================================================
10:33:24.0232 2528 Initialize success
10:33:28.0413 2548 ============================================================
10:33:28.0413 2548 Scan started
10:33:28.0413 2548 Mode: Manual;
10:33:28.0428 2548 ============================================================
10:33:52.0312 2548 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:33:52.0312 2548 usbccgp - ok
10:33:52.0421 2548 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:33:52.0421 2548 usbcir - ok
10:33:52.0468 2548 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
10:33:52.0484 2548 usbehci - ok
10:33:52.0609 2548 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
10:33:52.0609 2548 usbfilter - ok
10:33:52.0687 2548 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:33:52.0702 2548 usbhub - ok
10:33:52.0765 2548 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
10:33:52.0765 2548 usbohci - ok
10:33:52.0889 2548 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:33:52.0889 2548 usbprint - ok
10:33:52.0952 2548 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:33:52.0952 2548 usbscan - ok
10:33:52.0999 2548 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:33:52.0999 2548 USBSTOR - ok
10:33:53.0045 2548 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
10:33:53.0045 2548 usbuhci - ok
10:33:53.0186 2548 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:33:53.0186 2548 usbvideo - ok
10:33:53.0295 2548 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:33:53.0295 2548 vdrvroot - ok
10:33:53.0357 2548 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:33:53.0373 2548 vga - ok
10:33:53.0404 2548 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:33:53.0404 2548 VgaSave - ok
10:33:53.0545 2548 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\DRIVERS\vhdmp.sys
10:33:53.0545 2548 vhdmp - ok
10:33:53.0607 2548 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:33:53.0623 2548 viaide - ok
10:33:53.0669 2548 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:33:53.0685 2548 volmgr - ok
10:33:53.0747 2548 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:33:53.0763 2548 volmgrx - ok
10:33:53.0810 2548 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:33:53.0810 2548 volsnap - ok
10:33:53.0888 2548 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:33:53.0888 2548 vsmraid - ok
10:33:53.0935 2548 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:33:53.0935 2548 vwifibus - ok
10:33:54.0044 2548 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:33:54.0044 2548 vwififlt - ok
10:33:54.0106 2548 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:33:54.0106 2548 vwifimp - ok
10:33:54.0184 2548 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:33:54.0184 2548 WacomPen - ok
10:33:54.0309 2548 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:33:54.0325 2548 WANARP - ok
10:33:54.0356 2548 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:33:54.0356 2548 Wanarpv6 - ok
10:33:54.0543 2548 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:33:54.0543 2548 Wd - ok
10:33:54.0605 2548 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:33:54.0637 2548 Wdf01000 - ok
10:33:54.0855 2548 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:33:54.0855 2548 WfpLwf - ok
10:33:54.0902 2548 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:33:54.0902 2548 WIMMount - ok
10:33:55.0167 2548 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:33:55.0167 2548 WmiAcpi - ok
10:33:55.0307 2548 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:33:55.0307 2548 ws2ifsl - ok
10:33:55.0401 2548 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:33:55.0401 2548 WudfPf - ok
10:33:55.0557 2548 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:33:55.0557 2548 WUDFRd - ok
10:33:55.0729 2548 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:33:55.0760 2548 \Device\Harddisk0\DR0 - ok
10:33:55.0775 2548 Boot (0x1200) (229491058a40db321f90a0434eba39c5) \Device\Harddisk0\DR0\Partition0
10:33:55.0775 2548 \Device\Harddisk0\DR0\Partition0 - ok
10:33:55.0822 2548 Boot (0x1200) (03af6f4baa30c21e4557ad7befb2ee4a) \Device\Harddisk0\DR0\Partition1
10:33:55.0822 2548 \Device\Harddisk0\DR0\Partition1 - ok
10:33:55.0822 2548 ============================================================
10:33:55.0822 2548 Scan finished
10:33:55.0822 2548 ============================================================
10:33:55.0853 0184 Detected object count: 0
10:33:55.0853 0184 Actual detected object count: 0
10:42:44.0834 0180 Deinitialize success
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Right click aswMBR.exe and Run as Administrator.

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.
  • 0

#5
Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
Here's the rest of it. When I did the sfc /scannow it said it found and fixed some corrupted files and the log was saved at c:\Windows\Logs\CBS\CBS.log, but when I try to open it, I get an access denied error. With the sigverif I only got one, which was mcdbus.sys in c:\windows\system32drivers-2/24/2009-system file-2.7.106.519.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-20 12:56:55
-----------------------------
12:56:55.093 OS Version: Windows x64 6.1.7601 Service Pack 1
12:56:55.093 Number of processors: 1 586 0x603
12:56:55.093 ComputerName: DESTINY_LAPTOP UserName: Destiny
12:57:15.171 Initialize success
12:57:24.687 AVAST engine defs: 11112000
12:57:52.923 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:57:52.923 Disk 0 Vendor: ST9250315AS 0001SDM1 Size: 238475MB BusType: 11
12:57:55.013 Disk 0 MBR read successfully
12:57:55.029 Disk 0 MBR scan
12:57:55.060 Disk 0 Windows 7 default MBR code
12:57:55.076 Service scanning
12:58:05.715 Modules scanning
12:58:05.715 Scan finished successfully
12:59:02.094 Disk 0 MBR has been saved successfully to "C:\Users\Destiny\Desktop\MBR.dat"
12:59:02.094 The log file has been saved successfully to "C:\Users\Destiny\Desktop\aswMBR.txt"

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/11/2011 1:01:37 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/11/2011 6:59:35 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 20/11/2011 6:54:26 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/11/2011 7:00:50 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\Program Files (x86)\WinRAR\RarExtLoader.exe

Log: 'System' Date/Time: 20/11/2011 7:00:25 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\Program Files (x86)\WinRAR\RarExtLoader.exe

Log: 'System' Date/Time: 20/11/2011 6:59:58 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<RarExtLoader.e> C:\Program Files (x86)\WinRAR\Formats\gz.fmt

Log: 'System' Date/Time: 20/11/2011 6:56:02 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<GoogleUpdate.e> C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\profiles.ini

Log: 'System' Date/Time: 20/11/2011 6:55:37 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<GoogleUpdate.e> C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\profiles.ini

Log: 'System' Date/Time: 20/11/2011 6:55:11 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<services.exe> C:\Windows\System32\taskhost.exe

Log: 'System' Date/Time: 20/11/2011 6:54:45 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\Windows\System32\perftrack.dll

Log: 'System' Date/Time: 20/11/2011 6:53:00 PM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 20/11/2011 6:52:23 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 20/11/2011 6:51:06 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\Program Files\Windows Sidebar\sbdrop.dll

Log: 'System' Date/Time: 20/11/2011 6:50:12 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<RarExtLoader.e> C:\Program Files (x86)\WinRAR\Formats\gz.fmt

Log: 'System' Date/Time: 20/11/2011 6:48:02 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\Program Files (x86)\WinRAR\RarExtLoader.exe

Log: 'System' Date/Time: 20/11/2011 6:47:33 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\Program Files (x86)\WinRAR\RarExtLoader.exe

Log: 'System' Date/Time: 20/11/2011 6:47:00 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<RarExtLoader.e> C:\Program Files (x86)\WinRAR\Formats\gz.fmt

Log: 'System' Date/Time: 20/11/2011 6:43:59 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-CorruptedFileRecovery-Server
The system file C:\Windows\System32\shell32.dll is corrupted, which may have caused the application C:\Windows\system32\NOTEPAD.EXE to stop working. Windows could not attempt to repair C:\Windows\System32\shell32.dll because a previous repair operation was pended. Reboot the computer and run the command "sfc /scannow" at an administrative command prompt to check for errors and to repair the file if necessary.

Log: 'System' Date/Time: 20/11/2011 6:42:28 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe>

Log: 'System' Date/Time: 20/11/2011 6:41:54 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<RarExtLoader.e> C:\Program Files (x86)\WinRAR\Formats\gz.fmt

Log: 'System' Date/Time: 20/11/2011 6:12:36 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<dllhost.exe> C:\Windows\System32\oleacc.dll

Log: 'System' Date/Time: 20/11/2011 6:12:11 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<dllhost.exe> C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll

Log: 'System' Date/Time: 20/11/2011 6:11:46 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe> C:\Windows\System32\wercplsupport.dll


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/11/2011 1:03:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/11/2011 6:54:15 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 20/11/2011 6:43:30 PM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\Windows\System32\shell32.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Notepad because of this error. Program: Notepad File: C:\Windows\System32\shell32.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3

Log: 'Application' Date/Time: 20/11/2011 6:43:30 PM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 0

Log: 'Application' Date/Time: 20/11/2011 6:43:30 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: mpengine.dll, version: 1.1.7801.0, time stamp: 0x4e8e7b8e Exception code: 0xc0000006 Fault offset: 0x00000000002094a3 Faulting process id: 0x12ec Faulting application start time: 0x01cca7b0145f8066 Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{17E85C20-C1F3-4A60-8C54-01A7D08FE1E2}\mpengine.dll Report Id: 89dc05be-13a7-11e1-9c69-705ab6e86ad2

Log: 'Application' Date/Time: 20/11/2011 6:43:30 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: NOTEPAD.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc9b3 Faulting module name: SHELL32.dll, version: 6.1.7601.17678, time stamp: 0x4e5c71cc Exception code: 0xc0000006 Fault offset: 0x0000000000115f48 Faulting process id: 0xee4 Faulting application start time: 0x01cca7af65bb4b31 Faulting application path: C:\Windows\system32\NOTEPAD.EXE Faulting module path: C:\Windows\system32\SHELL32.dll Report Id: 89d4e19d-13a7-11e1-9c69-705ab6e86ad2

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/11/2011 6:52:13 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3404613540-165053731-2675042022-1000_Classes:
Process 1680 (\Device\HarddiskVolume3\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-3404613540-165053731-2675042022-1000_CLASSES\SOFTWARE\Microsoft


Log: 'Application' Date/Time: 20/11/2011 6:52:12 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 6 user registry handles leaked from \Registry\User\S-1-5-21-3404613540-165053731-2675042022-1000:
Process 580 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3404613540-165053731-2675042022-1000
Process 580 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3404613540-165053731-2675042022-1000
Process 1680 (\Device\HarddiskVolume3\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-3404613540-165053731-2675042022-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Process 580 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3404613540-165053731-2675042022-1000\Software\Microsoft\SystemCertificates\My
Process 580 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3404613540-165053731-2675042022-1000\Software\Microsoft\SystemCertificates\CA
Process 580 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3404613540-165053731-2675042022-1000\Software\Microsoft\SystemCertificates\Disallowed


Log: 'Application' Date/Time: 20/11/2011 6:06:50 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-3404613540-165053731-2675042022-1000:
Process 536 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3404613540-165053731-2675042022-1000
Process 536 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3404613540-165053731-2675042022-1000
Process 536 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3404613540-165053731-2675042022-1000\Software\Microsoft\SystemCertificates\My
Process 536 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3404613540-165053731-2675042022-1000\Software\Microsoft\SystemCertificates\CA
Process 536 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-3404613540-165053731-2675042022-1000\Software\Microsoft\SystemCertificates\Disallowed
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

cd  \windows\logs\cbs

copy  cbs.log  cbs.old

del  cbs.log

sfc  /scannow

findstr  /c:"[SR]"  cbs.log  >  junk.txt 




Attach the file \windows\logs\cbs\junk.txt to your next reply.
  • 0
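One way to triage the junk.txt that the findstr step above produces, as an added example (not part of RKinner's post or of any tool named in this thread): it parses the `[SR]` lines, checks that every verify batch that started also completed, and lists files SFC repaired or could not repair. The "Repairing corrupted file" and "Cannot repair member file" message prefixes are not shown on this page and are assumed from the usual Windows 7 SFC wording; the damaged sample, including `example.dll`, is constructed.

```python
import re

# One "[SR]" line as written to CBS.log and filtered by findstr /c:"[SR]".
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$"
)
VERIFYING = re.compile(r"^Verifying (\d+) \(0x[0-9a-fA-F]+\) components")
# File names appear as ..]"name" inside repair messages (assumed layout).
QUOTED = re.compile(r'\]"([^"]*)"')

# First three lines of the log posted in this thread.
CLEAN_SAMPLE = r"""
2011-11-20 13:32:11, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:32:11, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2011-11-20 13:32:14, Info CSI 0000000c [SR] Verify complete
"""

# Constructed sample: one batch with a repaired and an unrepaired file.
DAMAGED_SAMPLE = r"""
2011-11-20 13:32:11, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:32:11, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2011-11-20 13:32:12, Info CSI 0000000b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"shell32.dll" from store
2011-11-20 13:32:13, Info CSI 0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 0.0.0.0
2011-11-20 13:32:13, Info CSI 0000000d [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 0.0.0.0
2011-11-20 13:32:14, Info CSI 0000000e [SR] Verify complete
"""


def parse_sr(text):
    """Return (timestamp, sequence number, message) for every [SR] line."""
    records = []
    for line in text.splitlines():
        m = SR_LINE.match(line.strip())
        if m:
            records.append((m["ts"], int(m["seq"], 16), m["msg"]))
    return records


def summarize(records):
    """Reduce parsed [SR] records to counts, file lists and a verdict."""
    components = started = completed = 0
    repaired, unrepaired = {}, {}  # dicts keep order and drop repeats
    for _ts, _seq, msg in records:
        v = VERIFYING.match(msg)
        if v:
            components += int(v.group(1))
        elif msg.startswith("Beginning Verify and Repair transaction"):
            started += 1
        elif msg.startswith("Verify complete"):
            completed += 1
        elif msg.startswith("Repairing corrupted file"):
            names = QUOTED.findall(msg)
            if names:
                repaired[names[-1]] = True
        elif msg.startswith("Cannot repair member file"):
            names = QUOTED.findall(msg)
            if names:
                unrepaired[names[-1]] = True

    if unrepaired:
        verdict = "unrepaired"   # SFC found damage it could not fix
    elif repaired:
        verdict = "repaired"     # damage found and replaced from the store
    elif started == 0:
        verdict = "no-scan"      # no [SR] verify batches in the file
    elif started != completed:
        verdict = "incomplete"   # scan interrupted or log truncated
    else:
        verdict = "clean"
    return {
        "components_verified": components,
        "batches_started": started,
        "batches_completed": completed,
        "repaired": list(repaired),
        "unrepaired": list(unrepaired),
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("damaged", DAMAGED_SAMPLE)):
        print(name, summarize(parse_sr(sample)))
```

A "clean" verdict only covers the files SFC checked in that run; it says nothing about the disk errors reported elsewhere in the event logs.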

#7
Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
This time it says Windows Resource Protection did not find any integrity violations.
Here's the log.

2011-11-20 13:32:11, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:32:11, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2011-11-20 13:32:14, Info CSI 0000000c [SR] Verify complete
2011-11-20 13:32:14, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:32:14, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2011-11-20 13:32:19, Info CSI 00000010 [SR] Verify complete
2011-11-20 13:32:20, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:32:20, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2011-11-20 13:32:26, Info CSI 00000014 [SR] Verify complete
2011-11-20 13:32:27, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:32:27, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2011-11-20 13:32:31, Info CSI 00000018 [SR] Verify complete
2011-11-20 13:32:31, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:32:31, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2011-11-20 13:32:38, Info CSI 0000001c [SR] Verify complete
2011-11-20 13:32:38, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:32:38, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2011-11-20 13:32:43, Info CSI 00000020 [SR] Verify complete
2011-11-20 13:32:44, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:32:44, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2011-11-20 13:32:46, Info CSI 00000024 [SR] Verify complete
2011-11-20 13:32:47, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:32:47, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2011-11-20 13:32:52, Info CSI 00000028 [SR] Verify complete
2011-11-20 13:32:53, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:32:53, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2011-11-20 13:33:04, Info CSI 0000002d [SR] Verify complete
2011-11-20 13:33:04, Info CSI 0000002e [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:33:04, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2011-11-20 13:33:10, Info CSI 00000034 [SR] Verify complete
2011-11-20 13:33:11, Info CSI 00000035 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:33:11, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2011-11-20 13:33:19, Info CSI 00000039 [SR] Verify complete
2011-11-20 13:33:19, Info CSI 0000003a [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:33:19, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2011-11-20 13:33:27, Info CSI 0000003d [SR] Verify complete
2011-11-20 13:33:27, Info CSI 0000003e [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:33:27, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2011-11-20 13:33:37, Info CSI 00000061 [SR] Verify complete
2011-11-20 13:33:37, Info CSI 00000062 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:33:37, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2011-11-20 13:33:45, Info CSI 00000068 [SR] Verify complete
2011-11-20 13:33:46, Info CSI 00000069 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:33:46, Info CSI 0000006a [SR] Beginning Verify and Repair transaction
2011-11-20 13:33:53, Info CSI 0000006c [SR] Verify complete
2011-11-20 13:33:54, Info CSI 0000006d [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:33:54, Info CSI 0000006e [SR] Beginning Verify and Repair transaction
2011-11-20 13:34:02, Info CSI 00000070 [SR] Verify complete
2011-11-20 13:34:03, Info CSI 00000071 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:34:03, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2011-11-20 13:34:11, Info CSI 00000074 [SR] Verify complete
2011-11-20 13:34:12, Info CSI 00000075 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:34:12, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2011-11-20 13:34:25, Info CSI 00000078 [SR] Verify complete
2011-11-20 13:34:25, Info CSI 00000079 [SR] Verifying 100 (0x0000000000000064) components
2011-11-20 13:34:25, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2011-11-20 13:34:42, Info CSI 0000009d [SR] Verify complete
2011-11-20 13:52:11, Info CSI 000002d5 [SR] Verifying 41 (0x0000000000000029) components
2011-11-20 13:52:11, Info CSI 000002d6 [SR] Beginning Verify and Repair transaction
2011-11-20 13:52:15, Info CSI 000002d8 [SR] Verify complete
2011-11-20 13:52:15, Info CSI 000002d9 [SR] Repairing 0 components
2011-11-20 13:52:15, Info CSI 000002da [SR] Beginning Verify and Repair transaction
2011-11-20 13:52:15, Info CSI 000002dc [SR] Repair complete
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Good. Clear the events again as before, reboot and run Vino's again. Let's see if it is still complaining about the shell.

Ron
  • 0

#9
Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
Here they are again. Right-clicking on anything is painfully slow. :( Everything still seems very laggy.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/11/2011 3:02:31 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/11/2011 9:01:41 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Defender service hung on starting.

Log: 'System' Date/Time: 20/11/2011 9:01:15 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Peer Networking Identity Manager service hung on starting.

Log: 'System' Date/Time: 20/11/2011 8:59:15 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Log: 'System' Date/Time: 20/11/2011 8:59:04 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 20/11/2011 8:59:04 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Log: 'System' Date/Time: 20/11/2011 8:58:15 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Log: 'System' Date/Time: 20/11/2011 8:57:50 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 20/11/2011 8:57:50 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 20/11/2011 8:57:19 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/11/2011 8:57:15 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Log: 'System' Date/Time: 20/11/2011 8:56:55 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

Log: 'System' Date/Time: 20/11/2011 8:55:58 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 20/11/2011 8:55:58 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

Log: 'System' Date/Time: 20/11/2011 8:55:03 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 20/11/2011 8:55:03 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.

Log: 'System' Date/Time: 20/11/2011 8:54:44 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 20/11/2011 8:54:50 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 20/11/2011 8:54:07 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 20/11/2011 8:54:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 20/11/2011 8:54:07 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/11/2011 9:01:45 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<reader_sl.exe> C:\...c8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll

Log: 'System' Date/Time: 20/11/2011 9:01:20 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<reader_sl.exe> C:\Windows\SysWOW64\dciman32.dll

Log: 'System' Date/Time: 20/11/2011 9:00:55 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<GoogleUpdate.e> C:\Windows\SysWOW64\wkscli.dll

Log: 'System' Date/Time: 20/11/2011 9:00:30 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<GoogleUpdate.e> C:\Windows\SysWOW64\srvcli.dll

Log: 'System' Date/Time: 20/11/2011 9:00:04 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<taskhost.exe> C:\Windows\System32\devobj.dll

Log: 'System' Date/Time: 20/11/2011 8:59:39 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<lsass.exe> C:\Windows\System32\Microsoft\Protect\S-1-5-19\Preferred

Log: 'System' Date/Time: 20/11/2011 8:58:59 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<lsass.exe> C:\Windows\System32\Microsoft\Protect\S-1-5-19\Preferred

Log: 'System' Date/Time: 20/11/2011 8:58:34 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<RarExtLoader.e> C:\Users\Destiny\Desktop\VEW.exe

Log: 'System' Date/Time: 20/11/2011 8:58:09 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<lsass.exe>

Log: 'System' Date/Time: 20/11/2011 8:57:44 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<lsass.exe> C:\Windows\System32\Microsoft\Protect\S-1-5-19\Preferred

Log: 'System' Date/Time: 20/11/2011 8:57:19 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe>

Log: 'System' Date/Time: 20/11/2011 8:56:54 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<explorer.exe>

Log: 'System' Date/Time: 20/11/2011 8:55:36 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\...rosoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9

Log: 'System' Date/Time: 20/11/2011 8:55:10 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<reader_sl.exe> C:\Windows\SysWOW64\shell32.dll

Log: 'System' Date/Time: 20/11/2011 8:54:45 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<sidebar.exe> C:\Program Files (x86)\Windows Sidebar\sidebar.exe

Log: 'System' Date/Time: 20/11/2011 8:54:18 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\...rosoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5

Log: 'System' Date/Time: 20/11/2011 8:53:53 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\...rosoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5

Log: 'System' Date/Time: 20/11/2011 8:53:28 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\...rosoft\CryptnetUrlCache\MetaData\5C8DDA36D60247082B142836039F4636

Log: 'System' Date/Time: 20/11/2011 8:53:03 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<svchost.exe> C:\Windows\System32\ndiscapCfg.dll

Log: 'System' Date/Time: 20/11/2011 8:52:38 PM
Type: Warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<RarExtLoader.e> C:\Program Files (x86)\WinRAR\Formats\gz.fmt



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/11/2011 3:04:46 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/11/2011 8:51:59 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
We have a bunch of services which don't want to start and Avira is not happy but the good news is that the controller errors are gone. The rest I think we can fix.

First let's get rid of Avira and install the free version of Avast.

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall Avira
Reboot
Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)

Now right-click on (My) Computer and select Manage, then Services and Applications, then Services. Find Windows Search, right-click it and select Properties. Change the Startup Type to Disabled. Apply. OK. Close the Services window.

Clear the event logs and reboot and run Vino's as before and let's see how it looks now.

Ron
  • 0


#11
Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
Here they are again...

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/11/2011 3:52:34 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/11/2011 9:51:50 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 20/11/2011 9:51:50 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 20/11/2011 9:51:50 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 20/11/2011 9:51:50 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 20/11/2011 9:51:50 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 20/11/2011 9:51:50 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 20/11/2011 9:51:50 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 20/11/2011 9:50:14 PM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/11/2011 9:49:41 PM
Type: Warning Category: 0
Event: 4 Source: k57nd60a
Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 20/11/2011 9:48:24 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/11/2011 3:53:26 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/11/2011 9:51:19 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0
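
An added example, not part of the thread and not code from Vino's Event Viewer: this Python parser reads a report in the format posted above and collapses repeated entries, so a burst such as the identical atapi Event 11 errors becomes one line with a count and a first/last timestamp. The sample report is constructed from entries in the post and shortened; the function names `parse_vew` and `summarize` are hypothetical.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample: entries shaped like the report in the post above, shortened.
SAMPLE_REPORT = r"""
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/11/2011 3:52:34 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/11/2011 9:51:50 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 20/11/2011 9:51:50 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 20/11/2011 9:51:50 PM
Type: Error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort0.

Log: 'System' Date/Time: 20/11/2011 9:50:14 PM
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/11/2011 9:48:24 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: "
                    r"(\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")


def parse_vew(text):
    """Return one dict per event entry; banners and empty sections are skipped."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    records, i = [], 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        kind = TYPE.match(lines[i + 1]) if head and i + 1 < len(lines) else None
        event = EVENT.match(lines[i + 2]) if kind and i + 2 < len(lines) else None
        if not event:
            i += 1  # banner, separator, blank line, or a truncated entry
            continue
        # The message runs until a blank line, a separator, or the next entry.
        j, message = i + 3, []
        while (j < len(lines) and lines[j]
               and not lines[j].startswith("~~~")
               and not HEADER.match(lines[j])):
            message.append(lines[j])
            j += 1
        records.append({
            "log": head.group(1),
            # The report states that dates are dd/mm/yyyy.
            "when": datetime.strptime(head.group(2), "%d/%m/%Y %I:%M:%S %p"),
            "type": kind.group(1),
            "event_id": int(event.group(1)),
            "source": event.group(2),
            "message": " ".join(message),
        })
        i = j
    return records


def summarize(records):
    """Collapse identical entries; the most frequent group comes first."""
    groups = OrderedDict()
    for r in records:
        key = (r["log"], r["type"], r["source"], r["event_id"], r["message"])
        g = groups.setdefault(key, {
            "log": r["log"], "type": r["type"], "source": r["source"],
            "event_id": r["event_id"], "message": r["message"],
            "count": 0, "first": r["when"], "last": r["when"],
        })
        g["count"] += 1
        g["first"] = min(g["first"], r["when"])
        g["last"] = max(g["last"], r["when"])
    # sorted() is stable, so groups with equal counts keep report order.
    return sorted(groups.values(), key=lambda g: -g["count"])


if __name__ == "__main__":
    for g in summarize(parse_vew(SAMPLE_REPORT)):
        print(f"{g['count']:>3}x {g['type']:<8} {g['source']} "
              f"(Event {g['event_id']}) {g['first']:%d/%m/%Y %H:%M:%S}: {g['message']}")
```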

#12
RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Ugh, the "The driver detected a controller error on \Device\Ide\IdePort0." error is back.

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK


Copy the text in the code box:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
atapi.sys
DMIcall.sys
beep.sys
Netshell.dll
netcfgx.dll
Netman.dll
connect.dll
mswsock.dll
mmswsock.dll 
athExt.dll
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button)

Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply. Go ahead and post your logs now. The next step will take a while.


Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours. Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
  • 0

#13
Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
Here's the first logs...

OTL logfile created on: 11/20/2011 5:07:59 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Destiny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.36 Gb Available Physical Memory | 20.38% Memory free
3.49 Gb Paging File | 1.76 Gb Available in Paging File | 50.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 107.91 Gb Free Space | 49.33% Space Free | Partition Type: NTFS

Computer Name: DESTINY_LAPTOP | User Name: Destiny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/19 21:14:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Destiny\Desktop\OTL.exe
PRC - [2011/11/17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Destiny\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/10/25 09:10:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/20 17:41:22 | 000,067,904 | -H-- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2010/07/04 13:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/03/08 17:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/03 07:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 07:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 07:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 11:47:44 | 000,206,208 | -H-- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/11/22 11:49:08 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/25 09:10:53 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/17 06:45:03 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2010/07/04 15:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 13:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2010/01/13 11:47:44 | 000,206,208 | -H-- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/05/20 00:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/06/17 07:30:54 | 000,094,480 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/11/11 13:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/17 08:17:08 | 000,202,752 | -H-- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 21:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2010/01/21 16:24:56 | 000,130,048 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/05/25 08:42:22 | 000,034,224 | -H-- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV:64bit: - [2007/05/25 08:42:12 | 000,567,216 | -H-- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxddcoms.exe -- (lxdd_device)
SRV - [2011/11/20 11:14:11 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/06 14:06:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/20 17:41:22 | 000,067,904 | -H-- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 17:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 07:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/06 15:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 15:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 15:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 15:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 15:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 15:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/06/17 07:30:50 | 000,154,752 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 20:25:38 | 000,072,064 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/03/20 12:59:08 | 000,321,064 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/03/17 16:48:58 | 002,212,352 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/17 11:24:24 | 006,405,120 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/17 07:21:18 | 000,188,928 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/08 07:57:22 | 000,239,136 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 05:25:10 | 000,301,104 | -H-- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 01:01:24 | 000,213,280 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 03:55:32 | 000,016,440 | -H-- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:36 | 000,867,328 | -H-- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 20:15:30 | 000,060,464 | -H-- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 20:15:30 | 000,022,576 | -H-- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 20:15:30 | 000,020,016 | -H-- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | -H-- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 02:46:08 | 000,018,432 | -H-- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 02:46:08 | 000,016,896 | -H-- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2010/12/18 05:03:58 | 000,025,280 | -H-- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 17:35:44 | 000,255,552 | -H-- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...h4z195t45k2n299
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: " "
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Inbox.com Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/20 15:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/27 14:45:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/02 13:21:40 | 000,000,000 | ---D | M]

[2010/07/27 17:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Destiny\AppData\Roaming\Mozilla\Extensions
[2011/11/19 21:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\extensions
[2011/10/25 21:52:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/20 15:26:23 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/12/06 20:20:22 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\extensions\[email protected]
[2010/12/17 18:23:32 | 000,000,863 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\searchplugins\conduit.xml
[2010/10/30 13:50:36 | 000,001,463 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\searchplugins\crawlersrch.xml
[2011/05/18 08:10:04 | 000,001,635 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\searchplugins\firefox-add-ons.xml
[2010/09/13 21:47:37 | 000,001,594 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\Mozilla\Firefox\Profiles\x9encoya.default\searchplugins\web-search.xml
[2011/11/01 23:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 16:43:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/08/09 16:33:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/01/07 15:44:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/10 17:54:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/01 07:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/11/01 23:09:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/20 15:39:24 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\DESTINY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X9ENCOYA.DEFAULT\EXTENSIONS\{27C60876-B5C9-4335-B4F3-52B26782220C}.XPI
() (No name found) -- C:\USERS\DESTINY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X9ENCOYA.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\DESTINY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X9ENCOYA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/25 09:10:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/01 23:08:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/25 09:10:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.218\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.218\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\13.0.782.218\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/11/20 09:49:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Destiny\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\Destiny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A286DF1-A27D-42D7-BE68-9DFFEF4B7789}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42DA7E57-BA43-4216-9C1F-15C39A4F0A6B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/20 15:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/11/20 15:40:04 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/20 15:40:03 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/20 15:39:59 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/20 15:39:59 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/20 15:39:57 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/20 15:39:50 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/20 15:39:50 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/20 15:39:19 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/20 15:39:19 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/20 15:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/11/20 15:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/20 14:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WD_SmartWareCommon
[2011/11/20 14:37:08 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Local\Western_Digital
[2011/11/20 14:32:56 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Roaming\Western Digital
[2011/11/20 14:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2011/11/20 14:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/11/20 14:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2011/11/20 14:31:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/11/20 14:31:02 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Local\Western Digital
[2011/11/20 11:13:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/20 10:42:27 | 000,061,440 | ---- | C] ( ) -- C:\Users\Destiny\Desktop\VEW.exe
[2011/11/20 10:20:05 | 000,000,000 | ---D | C] -- C:\Users\Destiny\Desktop\Log Files
[2011/11/20 09:53:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/20 09:28:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/20 09:28:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/20 09:28:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/20 09:28:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/20 09:28:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/20 09:25:54 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Destiny\Desktop\aswMBR.exe
[2011/11/20 09:25:43 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Destiny\Desktop\tdsskiller.exe
[2011/11/20 09:24:22 | 004,302,603 | R--- | C] (Swearware) -- C:\Users\Destiny\Desktop\ComboFix.exe
[2011/11/19 21:13:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Destiny\Desktop\OTL.exe
[2011/11/19 20:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/11/19 20:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/19 19:26:54 | 000,000,000 | ---D | C] -- C:\Users\Destiny\Desktop\Playlists
[2011/11/19 12:34:04 | 000,000,000 | ---D | C] -- C:\Users\Destiny\Desktop\Gracie Community Service Project Pictures
[2011/11/17 20:27:54 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2011/11/17 19:01:08 | 000,000,000 | ---D | C] -- C:\Windows\TempA15C60A7-B1BC-57C4-65E0-BBA546F200C4-Signatures
[2011/11/17 18:43:06 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/11/17 18:43:06 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/11/17 18:43:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/11/17 18:43:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/11/17 18:43:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/11/17 18:43:06 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/11/17 18:43:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/11/17 18:43:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/11/17 18:43:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/11/17 18:43:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/11/17 18:43:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/11/17 18:43:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/11/17 18:43:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/11/17 18:43:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/11/17 18:43:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/11/17 18:43:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/11/17 18:43:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/11/17 18:43:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/11/17 18:43:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/11/17 18:43:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/11/17 18:43:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/11/17 18:43:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/11/17 18:43:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/11/17 18:43:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/11/17 18:43:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/11/17 18:43:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/11/17 18:43:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/11/17 18:43:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/11/17 18:43:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/11/17 18:43:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/11/17 18:43:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/11/17 18:43:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/11/17 18:43:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/11/17 18:43:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/11/17 18:43:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/11/17 18:43:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/11/17 18:43:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/11/17 18:43:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/11/17 18:43:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/11/17 18:42:39 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/11/17 18:42:39 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/11/17 18:42:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/11/17 18:42:39 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/11/17 18:42:39 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/11/17 18:42:39 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/11/17 18:42:39 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/11/17 18:42:39 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/11/17 18:42:38 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/11/17 18:40:00 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/11/17 18:39:59 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/11/17 18:39:57 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/11/17 18:32:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/11/17 17:49:33 | 000,000,000 | ---D | C] -- C:\Windows\TempBBE37D1D-C6EE-F943-B395-87A003CAF374-Signatures
[2011/11/17 16:31:12 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/11/17 16:31:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/11/17 16:31:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/11/17 16:31:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/11/17 16:31:06 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/11/17 16:31:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/11/17 16:31:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/11/17 16:31:05 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/11/17 16:31:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/11/17 16:28:37 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/11/17 16:28:37 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/11/17 16:28:37 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/11/17 16:28:35 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/11/17 15:54:20 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/11/17 15:54:19 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/11/10 23:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/09 17:55:30 | 000,000,000 | ---D | C] -- C:\Users\Destiny\AppData\Local\Akamai
[2011/11/04 20:11:33 | 000,000,000 | ---D | C] -- C:\Windows\TempF530868F-ED21-E08F-F66D-3E1C558F5856-Signatures
[2011/11/04 19:43:08 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/11/04 19:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/11/04 19:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Resource Kits
[2011/11/04 18:08:39 | 000,000,000 | ---D | C] -- C:\Users\Destiny\Desktop\MCAT INFO
[2011/11/01 23:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/01 23:09:02 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/01 23:09:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/01 23:09:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/01 23:09:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/27 14:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/24 13:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/20 17:03:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/20 16:33:56 | 000,000,898 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/20 16:01:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 16:01:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 15:51:09 | 000,001,592 | -H-- | M] () -- C:\Windows\Sandboxie.ini
[2011/11/20 15:50:37 | 000,000,894 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/20 15:49:40 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/20 15:40:05 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/20 15:39:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/20 15:28:36 | 061,657,064 | ---- | M] () -- C:\Users\Destiny\Desktop\setup_av_free_cnet.exe
[2011/11/20 14:32:29 | 000,001,337 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/11/20 14:32:29 | 000,001,322 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/11/20 14:26:53 | 010,597,050 | ---- | M] () -- C:\Users\Destiny\Desktop\cbs.old
[2011/11/20 12:59:02 | 000,000,512 | ---- | M] () -- C:\Users\Destiny\Desktop\MBR.dat
[2011/11/20 11:51:23 | 382,913,897 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/20 10:42:34 | 000,061,440 | ---- | M] ( ) -- C:\Users\Destiny\Desktop\VEW.exe
[2011/11/20 09:49:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/20 09:25:59 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Destiny\Desktop\aswMBR.exe
[2011/11/20 09:25:54 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Destiny\Desktop\tdsskiller.exe
[2011/11/20 09:24:38 | 004,302,603 | R--- | M] (Swearware) -- C:\Users\Destiny\Desktop\ComboFix.exe
[2011/11/19 21:14:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Destiny\Desktop\OTL.exe
[2011/11/19 21:05:39 | 000,071,244 | ---- | M] () -- C:\Users\Destiny\Documents\cc_20111119_210525.reg
[2011/11/19 20:59:21 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/17 17:30:39 | 005,009,960 | -H-- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/16 16:16:13 | 000,017,950 | ---- | M] () -- C:\Users\Destiny\AppData\Roaming\wklnhst.dat
[2011/11/10 17:43:15 | 000,581,650 | ---- | M] () -- C:\Users\Destiny\Desktop\certificate-fih.pdf
[2011/11/04 19:31:44 | 000,001,332 | ---- | M] () -- C:\reset.cmd
[2011/11/01 23:08:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/01 23:08:38 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/01 23:08:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/01 23:08:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/27 14:45:34 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/25 09:11:29 | 000,002,016 | ---- | M] () -- C:\Users\Destiny\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/24 13:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 15:40:05 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/11/20 15:39:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/11/20 15:27:38 | 061,657,064 | ---- | C] () -- C:\Users\Destiny\Desktop\setup_av_free_cnet.exe
[2011/11/20 14:32:29 | 000,001,337 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/11/20 14:32:29 | 000,001,322 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/11/20 14:26:52 | 010,597,050 | ---- | C] () -- C:\Users\Destiny\Desktop\cbs.old
[2011/11/20 11:13:07 | 382,913,897 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/20 11:11:56 | 000,000,512 | ---- | C] () -- C:\Users\Destiny\Desktop\MBR.dat
[2011/11/20 09:28:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/20 09:28:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/20 09:28:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/20 09:28:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/20 09:28:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/19 21:05:30 | 000,071,244 | ---- | C] () -- C:\Users\Destiny\Documents\cc_20111119_210525.reg
[2011/11/19 20:59:21 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/10 17:43:15 | 000,581,650 | ---- | C] () -- C:\Users\Destiny\Desktop\certificate-fih.pdf
[2011/11/04 19:25:05 | 000,001,332 | ---- | C] () -- C:\reset.cmd
[2011/10/27 14:45:34 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/09/24 17:40:30 | 000,003,584 | ---- | C] () -- C:\Users\Destiny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/28 09:53:40 | 000,000,000 | ---- | C] () -- C:\Windows\DVM.INI
[2011/07/18 18:35:22 | 000,045,056 | -H-- | C] () -- C:\Windows\strings.exe
[2011/07/14 13:22:37 | 000,001,592 | -H-- | C] () -- C:\Windows\Sandboxie.ini
[2011/07/06 08:37:37 | 000,000,000 | ---- | C] () -- C:\Users\Destiny\AppData\Local\{0079864C-5CDA-4D9A-BF33-A93C0B9AA0E2}
[2011/04/14 18:22:05 | 000,743,534 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/08 12:40:21 | 000,000,031 | -H-- | C] () -- C:\Windows\QUICKEN.INI
[2011/01/20 20:21:32 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2010/07/29 09:31:39 | 000,017,950 | ---- | C] () -- C:\Users\Destiny\AppData\Roaming\wklnhst.dat
[2010/07/28 09:36:56 | 000,000,346 | -H-- | C] () -- C:\Windows\wininit.ini
[2010/07/27 17:16:21 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010/04/28 15:14:59 | 000,632,056 | -H-- | C] () -- C:\Windows\Image.dll
[2010/04/28 15:14:59 | 000,206,208 | -H-- | C] () -- C:\Windows\PLFSetI.exe
[2010/04/28 15:14:59 | 000,025,848 | -H-- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/04/28 15:14:59 | 000,000,637 | -H-- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/04/28 15:14:59 | 000,000,378 | -H-- | C] () -- C:\Windows\PidList.ini
[2010/04/28 15:11:05 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/02 01:55:20 | 000,001,116 | -H-- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/09/16 18:27:58 | 000,508,224 | -H-- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2010/04/02 01:58:52 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/11/20 10:13:50 | 000,020,353 | ---- | M] () -- C:\ComboFix.txt
[2011/11/20 15:49:40 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/17 13:58:48 | 000,000,086 | ---- | M] () -- C:\hosts.reg
[2011/06/17 13:58:35 | 000,000,086 | ---- | M] () -- C:\hosts.txt
[2011/06/03 16:50:11 | 000,001,216 | ---- | M] () -- C:\look.txt
[2011/11/20 15:49:42 | 1873,698,816 | -HS- | M] () -- C:\pagefile.sys
[2011/11/04 19:31:44 | 000,001,332 | ---- | M] () -- C:\reset.cmd
[2010/04/02 01:15:34 | 000,003,274 | ---- | M] () -- C:\RHDSetup.log
[2011/11/20 10:42:44 | 000,078,006 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_20.11.2011_10.33.21_log.txt
[2011/11/20 13:04:27 | 000,008,642 | ---- | M] () -- C:\VEW-Applications.txt
[2011/11/20 13:02:12 | 000,007,652 | ---- | M] () -- C:\VEW-System.txt
[2011/11/20 15:53:27 | 000,000,850 | ---- | M] () -- C:\VEW.txt

< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | -H-- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | -H-- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | -H-- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | -H-- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/09/06 15:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: BEEP.SYS >
[2009/07/13 18:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009/07/13 18:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

< MD5 for: CONNECT.DLL >
[2009/07/13 19:15:07 | 001,344,512 | ---- | M] (Microsoft Corporation) MD5=5FC2D30C05487B480C2A154D5D281BA0 -- C:\Windows\SysWOW64\connect.dll
[2009/07/13 19:15:07 | 001,344,512 | ---- | M] (Microsoft Corporation) MD5=5FC2D30C05487B480C2A154D5D281BA0 -- C:\Windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.1.7600.16385_none_64e4e40af80e0f24\connect.dll
[2009/07/13 19:40:23 | 001,393,152 | ---- | M] (Microsoft Corporation) MD5=ECE81C30343DC8A1FADA4BF1437F7ED1 -- C:\Windows\SysNative\connect.dll
[2009/07/13 19:40:23 | 001,393,152 | ---- | M] (Microsoft Corporation) MD5=ECE81C30343DC8A1FADA4BF1437F7ED1 -- C:\Windows\winsxs\amd64_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.1.7600.16385_none_c1037f8eb06b805a\connect.dll

< MD5 for: MSWSOCK.DLL >
[2009/07/13 19:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 07:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\ERDNT\cache64\mswsock.dll
[2010/11/20 07:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 07:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 06:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache86\mswsock.dll
[2010/11/20 06:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 06:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 19:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NETCFGX.DLL >
[2010/11/20 07:27:22 | 000,519,680 | ---- | M] (Microsoft Corporation) MD5=03706015DB44368375AEBE6339490E66 -- C:\Windows\SysNative\netcfgx.dll
[2010/11/20 07:27:22 | 000,519,680 | ---- | M] (Microsoft Corporation) MD5=03706015DB44368375AEBE6339490E66 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7601.17514_none_9c3aecd33c2750cf\netcfgx.dll
[2010/11/20 06:20:28 | 000,406,528 | ---- | M] (Microsoft Corporation) MD5=1FF7E4F548C7C372C804938F0D5B36AE -- C:\Windows\SysWOW64\netcfgx.dll
[2010/11/20 06:20:28 | 000,406,528 | ---- | M] (Microsoft Corporation) MD5=1FF7E4F548C7C372C804938F0D5B36AE -- C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7601.17514_none_401c514f83c9df99\netcfgx.dll
[2009/07/13 19:41:52 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=8F6D9A20F1FB06F0602A7D5A82840DBF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7600.16385_none_9a09d90b3f38cd35\netcfgx.dll
[2009/07/13 19:16:02 | 000,403,456 | ---- | M] (Microsoft Corporation) MD5=C5B5CCDBF8ED1475240313ED88234E3F -- C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.1.7600.16385_none_3deb3d8786db5bff\netcfgx.dll

< MD5 for: NETMAN.DLL >
[2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\ERDNT\cache64\netman.dll
[2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
[2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: NETSHELL.DLL >
[2009/07/13 19:41:52 | 002,651,136 | ---- | M] (Microsoft Corporation) MD5=66920354B984D4A3848A84B4E66745EA -- C:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.1.7600.16385_none_31785c7a27bbcfd4\netshell.dll
[2010/11/20 07:27:22 | 002,652,160 | ---- | M] (Microsoft Corporation) MD5=A42F2C1EB3B66C54FB3C7B79D30C1A6D -- C:\Windows\SysNative\netshell.dll
[2010/11/20 07:27:22 | 002,652,160 | ---- | M] (Microsoft Corporation) MD5=A42F2C1EB3B66C54FB3C7B79D30C1A6D -- C:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_33a9704224aa536e\netshell.dll
[2010/11/20 06:20:29 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=EAB975DB4C2805927FE5BD047D05C9AA -- C:\Windows\SysWOW64\netshell.dll
[2010/11/20 06:20:29 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=EAB975DB4C2805927FE5BD047D05C9AA -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.1.7601.17514_none_d78ad4be6c4ce238\netshell.dll
[2009/07/13 19:16:03 | 002,494,464 | ---- | M] (Microsoft Corporation) MD5=F7611E0F05B4EB272102CA9883CA98A7 -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.1.7600.16385_none_d559c0f66f5e5e9e\netshell.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:264B2CC4
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8B2A99C5

< End of report >

OTL Extras logfile created on: 11/20/2011 5:07:59 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Destiny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.36 Gb Available Physical Memory | 20.38% Memory free
3.49 Gb Paging File | 1.76 Gb Available in Paging File | 50.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 107.91 Gb Free Space | 49.33% Space Free | Partition Type: NTFS

Computer Name: DESTINY_LAPTOP | User Name: Destiny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{42281103-DF49-8A45-C960-977096F29F45}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7A23D2C6-6FF9-EBAD-73E2-4717BB08983F}" = ATI Catalyst Install Manager
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DVDFab 8 Qt Retail_is1" = DVDFab 8.0.9.8 (08/06/2011) Qt
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Sandboxie" = Sandboxie 3.56 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15424D99-B708-54FD-94EC-997BE1976918}" = CCC Help Japanese
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1DCEE28F-CEDA-ADBA-DE41-1377ADD42DD3}" = CCC Help Finnish
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2552055A-7121-346E-F287-C0E7CC1BB36E}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{327AD686-FD94-F270-C0C9-D379ACC3CCA3}" = CCC Help Russian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3CABCB73-0ABE-9578-A11C-6888ECF5D6D7}" = CCC Help Portuguese
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3DCF232A-B152-4375-B840-F19D866A316D}" = Catalyst Control Center Graphics Full New
"{3F34DE3B-887D-72A9-FCFE-2676B2EDBE67}" = CCC Help Thai
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B30D670-AA94-3DAC-965D-CA8FED631DA3}" = Catalyst Control Center Graphics Previews Common
"{5F65AB3C-FCF3-E10B-3203-26F3C133F036}" = CCC Help Chinese Standard
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64CFDAC9-C358-88FE-E0E3-B33ED5C8AB2C}" = CCC Help Norwegian
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{702A9675-C93C-6914-7B90-8056525349A7}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7661AFE4-1F7A-8B5C-D395-3A8B682F106A}" = CCC Help Korean
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{77D3B22B-CB40-19AE-5A7D-9256E9862010}" = Catalyst Control Center Core Implementation
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A555AD4-057E-EB0B-3C2D-82658AA1B190}" = CCC Help English
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81FC1368-171E-4151-E3E1-D63C8CF1F150}" = CCC Help Polish
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85DD738D-6572-53AA-E570-50D0D0842722}" = Catalyst Control Center Graphics Full Existing
"{86141D3B-58F6-D4E9-809E-05032F1C09BE}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97DA45B6-451C-A4B8-897F-106E2B3B6E2F}" = CCC Help Dutch
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A26840C5-95D5-BB10-700A-304AA9F4AF92}" = CCC Help Greek
"{A385939C-3DE9-5568-D8B0-3972BA293DC7}" = CCC Help German
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B284EA3C-8391-5648-BFC4-800A44D01ADA}" = ccc-core-static
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2F1B278-B685-1112-F051-AD05C5946C0D}" = CCC Help French
"{B3A0945A-1A84-BD5C-D33A-F4DC811FCCCC}" = CCC Help Chinese Traditional
"{B4060669-4633-038A-8A50-E05D1F54929E}" = CCC Help Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC171806-3828-33E5-289C-9609C5BC59DF}" = Catalyst Control Center Localization All
"{BDE26FB2-E880-BFF9-3A85-18D70FC44D8D}" = Catalyst Control Center InstallProxy
"{C31501D8-8267-A455-D269-85FBDBE2BFC3}" = CCC Help Italian
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75A193A-D403-5707-7D32-166DF4EA47DD}" = CCC Help Spanish
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4905980-7A59-8CE0-1336-EBC0338DAC1B}" = CCC Help Hungarian
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F98098D2-8822-1B1D-6771-945669046216}" = CCC Help Danish
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"Blueline_is1" = Blueline 1.1.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Guild Wars" = Guild Wars
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"KeyNote_is1" = KeyNote 1.6.5
"LManager" = Launch Manager
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Office14.SingleImage" = Microsoft Office Professional 2010
"Picasa 3" = Picasa 3
"RCA Detective™_is1" = RCA Detective™ 2.0.0.99
"RCA Digital Voice Manager_is1" = RCA Digital Voice Manager 5.1.1.2
"SpeedFan" = SpeedFan (remove only)
"Unlocker" = Unlocker 1.9.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2011 6:43:28 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5585

Error - 11/20/2011 6:43:29 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/20/2011 6:43:29 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6662

Error - 11/20/2011 6:43:29 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6662

Error - 11/20/2011 6:43:30 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/20/2011 6:43:30 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7691

Error - 11/20/2011 6:43:30 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7691

Error - 11/20/2011 6:43:31 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/20/2011 6:43:31 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8861

Error - 11/20/2011 6:43:31 PM | Computer Name = Destiny_Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8861

[ Media Center Events ]
Error - 10/5/2010 11:25:36 AM | Computer Name = Destiny_Laptop | Source = MCUpdate | ID = 0
Description = 10:25:36 AM - Error connecting to the internet. 10:25:36 AM - Unable
to contact server..

Error - 8/21/2011 2:43:51 PM | Computer Name = Destiny_Laptop | Source = MCUpdate | ID = 0
Description = 1:43:27 PM - Failed to retrieve MCESpotlight (Error: The operation
has timed out)

Error - 10/11/2011 9:22:32 AM | Computer Name = Destiny_Laptop | Source = MCUpdate | ID = 0
Description = 8:22:09 AM - Error connecting to the internet. 8:22:10 AM - Unable
to contact server..

[ System Events ]
Error - 11/20/2011 5:51:50 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/20/2011 5:51:50 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/20/2011 5:51:50 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/20/2011 5:51:50 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/20/2011 5:51:50 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/20/2011 7:06:25 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/20/2011 7:06:25 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/20/2011 7:06:25 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/20/2011 7:06:25 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 11/20/2011 7:06:25 PM | Computer Name = Destiny_Laptop | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >

Summary
Operating System
MS Windows 7 Home Premium 64-bit SP1
CPU
AMD V120 57 °C
Champlain 45nm Technology
RAM
2.00 GB Dual-Channel DDR3 @ 531MHz (7-7-7-20)
Motherboard
Acer Aspire 5251 (Socket S1G4) 56 °C
Graphics
Generic PnP Monitor ([email protected])
ATI Mobility Radeon HD 4250 (Acer Incorporated [ALI])
Hard Drives
244GB Seagate ST9250315AS ATA Device (SATA) 40 °C
Optical Drives
MATSHITA DVD-RAM UJ890AS ATA Device
Audio
Realtek High Definition Audio
Operating System
MS Windows 7 Home Premium 64-bit SP1
Installation Date: 27 July 2010, 17:38
Serial Number: XXXXXXXXXXXXXXXXXXXXXXXXXX
Windows Security Center
User Account Control (UAC) Enabled
Notify level 2 - Default
Firewall Enabled
Windows Update
AutoUpdate Download Automatically and Install at Set Scheduled time
Schedule Frequency Every day
Schedule Time 3 am
Windows Defender
Windows Defender Enabled
Environment Variables
USERPROFILE C:\Users\Destiny
SystemRoot C:\Windows
User Variables
TEMP C:\Users\Destiny\AppData\Local\Temp
TMP C:\Users\Destiny\AppData\Local\Temp
Machine Variables
ComSpec C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK NO
OS Windows_NT
Path
C:\Windows\system32
C:\Windows
C:\Windows\system32\wbem
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live
%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
C:\Program Files (x86)\EgisTec MyWinLocker\x86
C:\Program Files (x86)\EgisTec MyWinLocker\x64
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
C:\Program Files (x86)\Windows Live\Shared
C:\Program Files (x86)\QuickTime\QTSystem
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE AMD64
TEMP C:\Windows\TEMP
TMP C:\Windows\TEMP
USERNAME SYSTEM
windir C:\Windows
PSModulePath C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
NUMBER_OF_PROCESSORS 1
PROCESSOR_LEVEL 16
PROCESSOR_IDENTIFIER AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
PROCESSOR_REVISION 0603
asl.log
Destination=file
OnFirstLog=command,environment,parent
NTIPath
C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
C:\Program Files (x86)\EgisTec MyWinLocker\x86
C:\Program Files (x86)\EgisTec MyWinLocker\x64
CLASSPATH
.
C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
QTJAVA C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
TimeZone
TimeZone GMT -6 Hours
Language English
Country United States
Currency $
Date Format M/d/yyyy
Time Format h:mm:ss tt
Power Profile
Active power scheme Home/Office Desk
Hibernation Enabled
Scheduler
11/20/2011 6:33 PM;Every 1 hour(s) from 3:33 PM for 24 hour(s) every day, starting 10/19/2011 GoogleUpdateTaskMachineUA
11/21/2011 3:33 PM;Run at user logon GoogleUpdateTaskMachineCore
Process List
applemobiledeviceservice.exe
Process ID 1640
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Memory Usage 5.64 MB
Peak Memory Usage 8.97 MB
armsvc.exe
Process ID 1056
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Memory Usage 2.20 MB
Peak Memory Usage 4.24 MB
atieclxx.exe
Process ID 1160
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\atieclxx.exe
Memory Usage 4.68 MB
Peak Memory Usage 6.71 MB
atiesrxx.exe
Process ID 888
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\atiesrxx.exe
Memory Usage 2.80 MB
Peak Memory Usage 4.54 MB
audiodg.exe
Process ID 2724
avastsvc.exe
Process ID 1440
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\AVAST Software\Avast\AvastSvc.exe
Memory Usage 37 MB
Peak Memory Usage 92 MB
avastui.exe
Process ID 2408
User Destiny
Domain Destiny_Laptop
Path C:\Program Files\AVAST Software\Avast\AvastUI.exe
Memory Usage 5.00 MB
Peak Memory Usage 22 MB
chrome.exe
Process ID 964
User Destiny
Domain Destiny_Laptop
Path C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Memory Usage 17 MB
Peak Memory Usage 27 MB
csrss.exe
Process ID 452
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\csrss.exe
Memory Usage 2.99 MB
Peak Memory Usage 4.37 MB
csrss.exe
Process ID 528
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\csrss.exe
Memory Usage 16 MB
Peak Memory Usage 32 MB
dllhost.exe
Process ID 2796
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\DllHost.exe
Memory Usage 4.77 MB
Peak Memory Usage 7.15 MB
dsiwmis.exe
Process ID 2120
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Launch Manager\dsiwmis.exe
Memory Usage 4.10 MB
Peak Memory Usage 6.01 MB
dwm.exe
Process ID 1692
User Destiny
Domain Destiny_Laptop
Path C:\Windows\system32\Dwm.exe
Memory Usage 35 MB
Peak Memory Usage 44 MB
epowerevent.exe
Process ID 3836
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
Memory Usage 2.64 MB
Peak Memory Usage 4.88 MB
epowersvc.exe
Process ID 2156
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
Memory Usage 4.16 MB
Peak Memory Usage 7.02 MB
epowertray.exe
Process ID 2660
User Destiny
Domain Destiny_Laptop
Path C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
Memory Usage 6.33 MB
Peak Memory Usage 9.72 MB
explorer.exe
Process ID 1708
User Destiny
Domain Destiny_Laptop
Path C:\Windows\Explorer.EXE
Memory Usage 53 MB
Peak Memory Usage 73 MB
firefox.exe
Process ID 4804
User Destiny
Domain Destiny_Laptop
Path C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Memory Usage 264 MB
Peak Memory Usage 292 MB
gregsvc.exe
Process ID 2208
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
Memory Usage 1.99 MB
Peak Memory Usage 3.09 MB
ischedulesvc.exe
Process ID 2416
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
Memory Usage 8.86 MB
Peak Memory Usage 10 MB
jusched.exe
Process ID 2908
User Destiny
Domain Destiny_Laptop
Path C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Memory Usage 2.39 MB
Peak Memory Usage 4.55 MB
lmanager.exe
Process ID 2844
User Destiny
Domain Destiny_Laptop
Path C:\Program Files (x86)\Launch Manager\LManager.exe
Memory Usage 7.93 MB
Peak Memory Usage 13 MB
lmworker.exe
Process ID 3228
User Destiny
Domain Destiny_Laptop
Path C:\Program Files (x86)\Launch Manager\LMworker.exe
Memory Usage 2.47 MB
Peak Memory Usage 4.29 MB
lsass.exe
Process ID 640
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\lsass.exe
Memory Usage 11 MB
Peak Memory Usage 14 MB
lsm.exe
Process ID 648
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\lsm.exe
Memory Usage 3.38 MB
Peak Memory Usage 4.75 MB
lxddcoms.exe
Process ID 2280
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\lxddcoms.exe
Memory Usage 3.50 MB
Peak Memory Usage 8.55 MB
lxddserv.exe
Process ID 2236
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\spool\DRIVERS\x64\3\lxddserv.exe
Memory Usage 1.95 MB
Peak Memory Usage 3.66 MB
mdnsresponder.exe
Process ID 2060
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Bonjour\mDNSResponder.exe
Memory Usage 4.25 MB
Peak Memory Usage 5.93 MB
mmdx64fx.exe
Process ID 3164
User Destiny
Domain Destiny_Laptop
Path C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
Memory Usage 2.87 MB
Peak Memory Usage 5.14 MB
netsession_win.exe
Process ID 2584
User Destiny
Domain Destiny_Laptop
Path C:\Users\Destiny\AppData\Local\Akamai\netsession_win.exe
Memory Usage 10 MB
Peak Memory Usage 13 MB
netsession_win.exe
Process ID 3060
User Destiny
Domain Destiny_Laptop
Path C:\Users\Destiny\AppData\Local\Akamai\netsession_win.exe
Memory Usage 3.66 MB
Peak Memory Usage 6.38 MB
nlssrv32.exe
Process ID 2328
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\SysWOW64\NLSSRV32.EXE
Memory Usage 1.78 MB
Peak Memory Usage 2.98 MB
plfseti.exe
Process ID 2644
User Destiny
Domain Destiny_Laptop
Path C:\Windows\PLFSetI.exe
Memory Usage 5.59 MB
Peak Memory Usage 7.71 MB
plugin-container.exe
Process ID 5100
User Destiny
Domain Destiny_Laptop
Path C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Memory Usage 11 MB
Peak Memory Usage 17 MB
ravcpl64.exe
Process ID 2520
User Destiny
Domain Destiny_Laptop
Path C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Memory Usage 6.79 MB
Peak Memory Usage 12 MB
sbiectrl.exe
Process ID 2812
User Destiny
Domain Destiny_Laptop
Path C:\Program Files\Sandboxie\SbieCtrl.exe
Memory Usage 7.06 MB
Peak Memory Usage 12 MB
sbiesvc.exe
Process ID 1136
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Sandboxie\SbieSvc.exe
Memory Usage 2.27 MB
Peak Memory Usage 4.38 MB
services.exe
Process ID 624
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\services.exe
Memory Usage 7.82 MB
Peak Memory Usage 16 MB
sidebar.exe
Process ID 2704
User Destiny
Domain Destiny_Laptop
Path C:\Program Files\Windows Sidebar\sidebar.exe
Memory Usage 32 MB
Peak Memory Usage 40 MB
smss.exe
Process ID 304
User SYSTEM
Domain NT AUTHORITY
Path \SystemRoot\System32\smss.exe
Memory Usage 604 KB
Peak Memory Usage 1.13 MB
speccy64.exe
Process ID 5040
User Destiny
Domain Destiny_Laptop
Path C:\Program Files\Speccy\Speccy64.exe
Memory Usage 24 MB
Peak Memory Usage 25 MB
spoolsv.exe
Process ID 2008
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\spoolsv.exe
Memory Usage 11 MB
Peak Memory Usage 17 MB
spuvolumewatcher.exe
Process ID 992
User Destiny
Domain Destiny_Laptop
Path C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
Memory Usage 4.18 MB
Peak Memory Usage 6.14 MB
svchost.exe
Process ID 1344
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 29 MB
Peak Memory Usage 50 MB
svchost.exe
Process ID 3156
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 4.52 MB
Peak Memory Usage 6.88 MB
svchost.exe
Process ID 760
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 6.88 MB
Peak Memory Usage 9.55 MB
svchost.exe
Process ID 840
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 6.49 MB
Peak Memory Usage 8.39 MB
svchost.exe
Process ID 976
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 19 MB
Peak Memory Usage 25 MB
svchost.exe
Process ID 332
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 66 MB
Peak Memory Usage 82 MB
svchost.exe
Process ID 2196
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 28 MB
Peak Memory Usage 122 MB
svchost.exe
Process ID 1068
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 15 MB
Peak Memory Usage 18 MB
svchost.exe
Process ID 516
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 38 MB
Peak Memory Usage 163 MB
svchost.exe
Process ID 2468
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 4.55 MB
Peak Memory Usage 6.08 MB
svchost.exe
Process ID 2180
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 21 MB
Peak Memory Usage 32 MB
svchost.exe
Process ID 4364
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\System32\svchost.exe
Memory Usage 13 MB
Peak Memory Usage 16 MB
svchost.exe
Process ID 1636
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\SysWOW64\svchost.exe
Memory Usage 7.70 MB
Peak Memory Usage 19 MB
svchost.exe
Process ID 2044
User LOCAL SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\svchost.exe
Memory Usage 14 MB
Peak Memory Usage 48 MB
syntpenh.exe
Process ID 2596
User Destiny
Domain Destiny_Laptop
Path C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Memory Usage 9.46 MB
Peak Memory Usage 15 MB
syntphelper.exe
Process ID 4264
User Destiny
Domain Destiny_Laptop
Path C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Memory Usage 2.63 MB
Peak Memory Usage 4.41 MB
system
Process ID 4
system idle process
Process ID 0
taskeng.exe
Process ID 532
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\taskeng.exe
Memory Usage 5.36 MB
Peak Memory Usage 5.47 MB
unlockerassistant.exe
Process ID 2316
User Destiny
Domain Destiny_Laptop
Path C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
Memory Usage 2.57 MB
Peak Memory Usage 4.63 MB
unsecapp.exe
Process ID 3588
User Destiny
Domain Destiny_Laptop
Path C:\Windows\system32\wbem\unsecapp.exe
Memory Usage 4.45 MB
Peak Memory Usage 6.57 MB
updaterservice.exe
Process ID 2512
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Acer\Acer Updater\UpdaterService.exe
Memory Usage 2.42 MB
Peak Memory Usage 4.11 MB
wddmservice.exe
Process ID 2652
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
Memory Usage 15 MB
Peak Memory Usage 16 MB
wddmstatus.exe
Process ID 228
User Destiny
Domain Destiny_Laptop
Path C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
Memory Usage 6.92 MB
Peak Memory Usage 11 MB
wdsmartware.exe
Process ID 984
User Destiny
Domain Destiny_Laptop
Path C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
Memory Usage 122 MB
Peak Memory Usage 277 MB
wdsmartwarebackgroundservice.exe
Process ID 2900
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
Memory Usage 9.96 MB
Peak Memory Usage 18 MB
wininit.exe
Process ID 520
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\wininit.exe
Memory Usage 2.61 MB
Peak Memory Usage 5.02 MB
winlogon.exe
Process ID 568
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\winlogon.exe
Memory Usage 4.86 MB
Peak Memory Usage 8.29 MB
wlidsvc.exe
Process ID 3276
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Memory Usage 9.27 MB
Peak Memory Usage 16 MB
wlidsvcm.exe
Process ID 3340
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
Memory Usage 1.89 MB
Peak Memory Usage 3.64 MB
wmiprvse.exe
Process ID 3664
User SYSTEM
Domain NT AUTHORITY
Path C:\Windows\system32\wbem\wmiprvse.exe
Memory Usage 5.90 MB
Peak Memory Usage 7.39 MB
wmiprvse.exe
Process ID 2496
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Windows\system32\wbem\wmiprvse.exe
Memory Usage 8.29 MB
Peak Memory Usage 8.29 MB
wmpnetwk.exe
Process ID 4504
User NETWORK SERVICE
Domain NT AUTHORITY
Path C:\Program Files\Windows Media Player\wmpnetwk.exe
Memory Usage 13 MB
Peak Memory Usage 59 MB
yahooauservice.exe
Process ID 3296
User SYSTEM
Domain NT AUTHORITY
Path C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
Memory Usage 4.12 MB
Peak Memory Usage 7.01 MB
Hotfixes
11/18/2011 Definition Update for Windows Defender - KB915597 (Definition 1.115.2100.0)
11/18/2011 Security Update for Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package (KB2565063)
11/18/2011 Microsoft Security Essentials Client Update Package - KB2544035
11/18/2011 Microsoft Security Essentials Client Update Package - KB2544035
11/18/2011 Service Pack 1 for Microsoft Office 2010 (KB2510690) 32-bit Edition
11/18/2011 Microsoft Security Essentials Client Update Package - KB2544035
11/18/2011 Update for Windows 7 for x64-based Systems (KB2607576)
11/18/2011 PowerPoint Viewer 2007 Service Pack 3 (SP3)
11/18/2011 Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.115.2090.0)
11/18/2011 Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2539636)
11/18/2011 Update for Windows 7 for x64-based Systems (KB2570791)
11/18/2011 Security Update for Windows 7 for x64-based Systems (KB2560656)
11/18/2011 Security Update for Microsoft Silverlight (KB2617986)
11/18/2011 Security Update for Microsoft Office 2007 System (KB2553090)
11/18/2011 Security Update for Windows 7 for x64-based Systems (KB2536276)
11/18/2011 Update for Microsoft Office 2010 (KB2523113), 32-Bit Edition
11/18/2011 Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2468871)
11/18/2011 Microsoft Security Essentials Client Update Package - KB2544035
11/18/2011 Update for Microsoft Office 2010 (KB2566458), 32-Bit Edition
11/18/2011 Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
11/18/2011 Security Update for Microsoft Office 2007 System (KB2553089)
11/18/2011 Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2562937)
11/18/2011 Security Update for Microsoft Excel 2010 (KB2553070), 32-Bit Edition
11/18/2011 Update for Office File Validation 2010 (KB2553065), 32-bit Edition
11/18/2011 Update for Windows 7 for x64-based Systems (KB2603229)
11/18/2011 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2539635)
11/18/2011 Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
11/18/2011 Security Update for Microsoft SharePoint Workspace 2010 (KB2566445), 32-Bit Edition
11/18/2011 Security Update for Microsoft Office 2010 (KB2553096), 32-Bit Edition
11/18/2011 Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
11/18/2011 Update for Windows 7 for x64-based Systems (KB2641690)
11/18/2011 Security Update for Microsoft Office 2010 (KB2553091), 32-Bit Edition
11/18/2011 Update for Microsoft Office 2010 (KB2494150), 32-Bit Edition
11/18/2011 Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
11/18/2011 Security Update for Windows 7 for x64-based Systems (KB2567680)
11/18/2011 Security Update for Microsoft Office 2007 System (KB2584063)
11/18/2011 Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2533523)
11/18/2011 Definition Update for Windows Defender - KB915597 (Definition 1.115.1923.0)
11/18/2011 Windows Malicious Software Removal Tool x64 - November 2011 (KB890830)
11/18/2011 Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
11/18/2011 Update for Outlook Social Connector 2010 (KB2583935), 32-Bit Edition
11/18/2011 Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
11/18/2011 Security Update for Windows 7 for x64-based Systems (KB2556532)
11/18/2011 Security Update for Microsoft PowerPoint 2010 (KB2519975), 32-Bit Edition
Battery
AC line Online
Battery full time Unknown
Battery Charge % 100 %
Battery State High
Amount of time remaining (sec) Unknown
Device Tree
ACPI x64-based PC
Microsoft ACPI-Compliant System
AMD V120 Processor
ACPI Thermal Zone
ACPI Power Button
ACPI Sleep Button
Microsoft ACPI-Compliant Control Method Battery
Microsoft AC Adapter
ACPI Lid
ACPI Fixed Feature Button
AMD PCI Express (3GIO) Filter Driver
PCI standard host CPU bridge
ATI I/O Communications Processor SMBus Controller
ATI I/O Communications Processor PCI Bus Controller
PCI standard host CPU bridge
PCI standard host CPU bridge
PCI standard host CPU bridge
PCI standard host CPU bridge
PCI standard host CPU bridge
Motherboard resources
Microsoft Windows Management Interface for ACPI
PCI standard PCI-to-PCI bridge
ATI Mobility Radeon HD 4250
Generic PnP Monitor
High Definition Audio Controller
ATI HDMI Audio
PCI standard PCI-to-PCI bridge
Broadcom NetLink ™ Gigabit Ethernet
PCI standard PCI-to-PCI bridge
Atheros AR5B93 Wireless Network Adapter
Microsoft Virtual WiFi Miniport Adapter
Standard AHCI 1.0 Serial ATA Controller
ATA Channel 2
ATA Channel 3
ATA Channel 4
ATA Channel 5
ATA Channel 0
ST9250315AS ATA Device
ATA Channel 1
MATSHITA DVD-RAM UJ890AS ATA Device
Standard OpenHCD USB Host Controller
USB Root Hub
USB Composite Device
USB Input Device
HID-compliant mouse
USB Input Device
HID-compliant consumer control device
HID-compliant device
HID-compliant device
Standard Enhanced PCI to USB Host Controller
USB Root Hub
Standard OpenHCD USB Host Controller
USB Root Hub
Standard Enhanced PCI to USB Host Controller
USB Root Hub
USB Composite Device
1.3M WebCam
Standard Dual Channel PCI IDE Controller
ATA Channel 0
ATA Channel 1
High Definition Audio Controller
Realtek High Definition Audio
PCI standard ISA bridge
Direct memory access controller
Numeric data processor
Programmable interrupt controller
System CMOS/real time clock
System speaker
System timer
Standard PS/2 Keyboard
Synaptics PS/2 Port TouchPad
Motherboard resources
System board
Microsoft ACPI-Compliant Embedded Controller
Standard OpenHCD USB Host Controller
USB Root Hub
Services
Running Acer ePower Service
Running Adobe Acrobat Update Service
Running Akamai NetSession Interface
Running AMD External Events Utility
Running Apple Mobile Device
Running Application Experience
Running Application Information
Running avast! Antivirus
Running Background Intelligent Transfer Service
Running Base Filtering Engine
Running Bonjour Service
Running CNG Key Isolation
Running COM+ Event System
Running Computer Browser
Running Cryptographic Services
Running DCOM Server Process Launcher
Running Desktop Window Manager Session Manager
Running DHCP Client
Running Diagnostic Policy Service
Running Diagnostic Service Host
Running Distributed Link Tracking Client
Running DNS Client
Running Dritek WMI Service
Running Encrypting File System (EFS)
Running Extensible Authentication Protocol
Running Function Discovery Provider Host
Running Function Discovery Resource Publication
Running GREGService
Running Group Policy Client
Running HomeGroup Listener
Running HomeGroup Provider
Running Human Interface Device Access
Running IKE and AuthIP IPsec Keying Modules
Running IP Helper
Running IPsec Policy Agent
Running lxdd_device
Running lxddCATSCustConnectService
Running Multimedia Class Scheduler
Running Network Connections
Running Network List Service
Running Network Location Awareness
Running Network Store Interface Service
Running NLS Service
Running NTI IScheduleSvc
Running Peer Name Resolution Protocol
Running Peer Networking Grouping
Running Peer Networking Identity Manager
Running Plug and Play
Running Power
Running Print Spooler
Running Program Compatibility Assistant Service
Running Protected Storage
Running Remote Access Connection Manager
Running Remote Procedure Call (RPC)
Running RPC Endpoint Mapper
Running Sandboxie Service
Running Secondary Logon
Running Secure Socket Tunneling Protocol Service
Running Security Accounts Manager
Running Security Center
Running Server
Running Shell Hardware Detection
Running SSDP Discovery
Running Superfetch
Running System Event Notification Service
Running Task Scheduler
Running TCP/IP NetBIOS Helper
Running Telephony
Running Themes
Running Updater Service
Running UPnP Device Host
Running User Profile Service
Running WD SmartWare Background Service
Running WD SmartWare Drive Manager Service
Running Windows Audio
Running Windows Audio Endpoint Builder
Running Windows Connect Now - Config Registrar
Running Windows Defender
Running Windows Driver Foundation - User-mode Driver Framework
Running Windows Event Log
Running Windows Firewall
Running Windows Font Cache Service
Running Windows Image Acquisition (WIA)
Running Windows Live ID Sign-in Assistant
Running Windows Management Instrumentation
Running Windows Media Player Network Sharing Service
Running Windows Update
Running WLAN AutoConfig
Running Workstation
Running Yahoo! Updater
Stopped ActiveX Installer (AxInstSV)
Stopped Adaptive Brightness
Stopped Application Identity
Stopped Application Layer Gateway Service
Stopped BitLocker Drive Encryption Service
Stopped Block Level Backup Engine Service
Stopped Bluetooth Support Service
Stopped Certificate Propagation
Stopped Credential Manager
Stopped Diagnostic System Host
Stopped Disk Defragmenter
Stopped Distributed Transaction Coordinator
Stopped Fax
Stopped FLEXnet Licensing Service
Stopped Google Software Updater
Stopped Google Update Service (gupdate)
Stopped Google Update Service (gupdatem)
Stopped Health Key and Certificate Management
Stopped Interactive Services Detection
Stopped Internet Connection Sharing (ICS)
Stopped iPod Service
Stopped KtmRm for Distributed Transaction Coordinator
Stopped Link-Layer Topology Discovery Mapper
Stopped Media Center Extender Service
Stopped Microsoft .NET Framework NGEN v2.0.50727_X64
Stopped Microsoft .NET Framework NGEN v2.0.50727_X86
Stopped Microsoft .NET Framework NGEN v4.0.30319_X64
Stopped Microsoft .NET Framework NGEN v4.0.30319_X86
Stopped Microsoft iSCSI Initiator Service
Stopped Microsoft Network Inspection
Stopped Microsoft Software Shadow Copy Provider
Stopped Net.Tcp Port Sharing Service
Stopped Netlogon
Stopped Network Access Protection Agent
Stopped Office Source Engine
Stopped Office Software Protection Platform
Stopped Parental Controls
Stopped Performance Counter DLL Host
Stopped Performance Logs & Alerts
Stopped PnP-X IP Bus Enumerator
Stopped PNRP Machine Name Publication Service
Stopped Portable Device Enumerator Service
Stopped Problem Reports and Solutions Control Panel Support
Stopped Quality Windows Audio Video Experience
Stopped Remote Access Auto Connection Manager
Stopped Remote Desktop Configuration
Stopped Remote Desktop Services
Stopped Remote Procedure Call (RPC) Locator
Stopped Remote Registry
Stopped Routing and Remote Access
Stopped Smart Card
Stopped Smart Card Removal Policy
Stopped SNMP Trap
Stopped Software Protection
Stopped SPP Notification Service
Stopped Tablet PC Input Service
Stopped Thread Ordering Server
Stopped TPM Base Services
Stopped Virtual Disk
Stopped Volume Shadow Copy
Stopped WebClient
Stopped Windows Activation Technologies Service
Stopped Windows Backup
Stopped Windows Biometric Service
Stopped Windows CardSpace
Stopped Windows Color System
Stopped Windows Error Reporting Service
Stopped Windows Event Collector
Stopped Windows Installer
Stopped Windows Live Family Safety Service
Stopped Windows Live Mesh remote connections service
Stopped Windows Media Center Receiver Service
Stopped Windows Media Center Scheduler Service
Stopped Windows Modules Installer
Stopped Windows Presentation Foundation Font Cache 3.0.0.0
Stopped Windows Remote Management (WS-Management)
Stopped Windows Search
Stopped Windows Time
Stopped WinHTTP Web Proxy Auto-Discovery Service
Stopped Wired AutoConfig
Stopped WMI Performance Adapter
Stopped WWAN AutoConfig
CPU
AMD V120
Cores 1
Threads 1
Name AMD V120
Code Name Champlain
Package Socket S1 (638)
Technology 45nm
Specification AMD V120 Processor
Family F
Extended Family 10
Model 6
Extended Model 6
Stepping 3
Revision DA-C3
Instructions MMX (+), 3DNow! (+), SSE, SSE2, SSE3, SSE4A, AMD 64
Virtualization Supported, Disabled
Hyperthreading Not supported
Bus Speed 199.5 MHz
Rated Bus Speed 1596.0 MHz
Stock Core Speed 2200 MHz
Stock Bus Speed 200 MHz
Average Temperature 57 °C
Caches
L1 Data Cache Size 64 KBytes
L1 Instructions Cache Size 64 KBytes
L2 Unified Cache Size 512 KBytes
Core 0
Core Speed 2194.4 MHz
Multiplier x 4.0
Bus Speed 199.5 MHz
Rated Bus Speed 1596.0 MHz
Temperature 57 °C
Thread 1
APIC ID 0
RAM
Memory slots
Total memory slots 2
Used memory slots 2
Free memory slots 0
Memory
Type DDR3
Size 2048 MBytes
Channels # Dual
DRAM Frequency 532.0 MHz
CAS# Latency (CL) 7 clocks
RAS# to CAS# Delay (tRCD) 7 clocks
RAS# Precharge (tRP) 7 clocks
Cycle Time (tRAS) 20 clocks
Bank Cycle Time (tRC) 27 clocks
Command Rate (CR) 1T
Physical Memory
Memory Usage 90 %
Total Physical 1.75 GB
Available Physical 169 MB
Total Virtual 3.49 GB
Available Virtual 1.69 GB
SPD
Number Of SPD Modules 2
Slot #1
Type DDR3
Size 1024 MBytes
Manufacturer Samsung
Max Bandwidth PC3-10700 (667 MHz)
Part Number M471B2873FHS-CH9
Serial Number 8412142F
Week/year 12 / 10
SPD Ext. EPP
JEDEC #5
Frequency 685.7 MHz
CAS# Latency 9.0
RAS# To CAS# 9
RAS# Precharge 9
tRAS 25
tRC 34
Voltage 1.500 V
JEDEC #4
Frequency 609.5 MHz
CAS# Latency 8.0
RAS# To CAS# 8
RAS# Precharge 8
tRAS 22
tRC 30
Voltage 1.500 V
JEDEC #3
Frequency 533.3 MHz
CAS# Latency 7.0
RAS# To CAS# 7
RAS# Precharge 7
tRAS 20
tRC 27
Voltage 1.500 V
JEDEC #2
Frequency 457.1 MHz
CAS# Latency 6.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 17
tRC 23
Voltage 1.500 V
JEDEC #1
Frequency 381.0 MHz
CAS# Latency 5.0
RAS# To CAS# 5
RAS# Precharge 5
tRAS 14
tRC 19
Voltage 1.500 V
Slot #2
Type DDR3
Size 1024 MBytes
Manufacturer Samsung
Max Bandwidth PC3-10700 (667 MHz)
Part Number M471B2873FHS-CH9
Serial Number 84121428
Week/year 12 / 10
SPD Ext. EPP
JEDEC #5
Frequency 685.7 MHz
CAS# Latency 9.0
RAS# To CAS# 9
RAS# Precharge 9
tRAS 25
tRC 34
Voltage 1.500 V
JEDEC #4
Frequency 609.5 MHz
CAS# Latency 8.0
RAS# To CAS# 8
RAS# Precharge 8
tRAS 22
tRC 30
Voltage 1.500 V
JEDEC #3
Frequency 533.3 MHz
CAS# Latency 7.0
RAS# To CAS# 7
RAS# Precharge 7
tRAS 20
tRC 27
Voltage 1.500 V
JEDEC #2
Frequency 457.1 MHz
CAS# Latency 6.0
RAS# To CAS# 6
RAS# Precharge 6
tRAS 17
tRC 23
Voltage 1.500 V
JEDEC #1
Frequency 381.0 MHz
CAS# Latency 5.0
RAS# To CAS# 5
RAS# Precharge 5
tRAS 14
tRC 19
Voltage 1.500 V
Motherboard
Manufacturer Acer
Model Aspire 5251 (Socket S1G4)
Version V1.04
Chipset Vendor AMD
Chipset Model 785GX
Chipset Revision 00
Southbridge Vendor AMD
Southbridge Model SB850
Southbridge Revision 40
System Temperature 56 °C
BIOS
Brand Acer
Version V1.04
Date 04/23/2010
PCI Data
Slot UNKNOWN
Slot Type UNKNOWN
Slot Usage Available
Bus Width Unknown
Slot Designation J6C1
Slot Number 0
Slot UNKNOWN
Slot Type UNKNOWN
Slot Usage Available
Bus Width Unknown
Slot Designation J8C1
Slot Number 1
Slot UNKNOWN
Slot Type UNKNOWN
Slot Usage Available
Bus Width Unknown
Slot Designation J7C1
Slot Number 2
Slot UNKNOWN
Slot Type UNKNOWN
Slot Usage Available
Bus Width Unknown
Slot Designation J8D1
Slot Number 3
Slot UNKNOWN
Slot Type UNKNOWN
Slot Usage Available
Bus Width 32 bit
Slot Designation J8B1
Slot Number 4
Graphics
Monitor
Name Generic PnP Monitor on ATI Mobility Radeon HD 4250
Current Resolution 1366x768 pixels
Work Resolution 1366x728 pixels
State enabled, primary
Monitor Width 1366
Monitor Height 768
Monitor BPP 32 bits per pixel
Monitor Frequency 60 Hz
Device \\.\DISPLAY1\Monitor0
ATI Mobility Radeon HD 4250
GPU RS880M
Device ID 1002-9712
Subvendor Acer Incorporated [ALI] (1025)
Current Performance Level Level 1
Die Size 55 nm²
Release Date Sep 10, 2009
DirectX Support 10.1
OpenGL Support 4.1
Bios Core Clock 500.00
Bios Mem Clock 533.00
ROPs 4
Shaders 40 unified
Pixel Fillrate 0.8 GPixels/s
Texture Fillrate 0.0 GTexels/s
Count of performance levels : 1
Level 0
Hard Drives
ST9250315AS ATA Device
Manufacturer Seagate
Form Factor 2.5"
Heads 16
Cylinders 16383
SATA type SATA-II 3.0Gb/s
Device type Fixed
ATA Standard ATA8-ACS
LBA Size 48-bit LBA
Power On Count 4372 ??
Power On Time 119 Days 3 Hours
Speed, Expressed in Revolutions Per Minute (rpm) 5400
Features S.M.A.R.T., APM, NCQ
Transfer Mode SATA II
Interface SATA
Capacity 244GB
Real size 250,059,350,016 bytes
RAID Type None
S.M.A.R.T
01 Read Error Rate 105 (085 worst) Data 000081C834
03 Spin-Up Time 099 (099) Data 0000000000
04 Start/Stop Count 096 (096) Data 0000001169
05 Reallocated Sectors Count 100 (100) Data 0000000001
07 Seek Error Rate 080 (060) Data 000634D82B
09 Power-On Hours (POH) 097 (097) Data 0000000B2B
0A Spin Retry Count 100 (100) Data 0000000000
0C Device Power Cycle Count 096 (037) Data 0000001114
B8 End-to-End error / IOEDC 100 (100) Data 0000000000
BB Reported Uncorrectable Errors 001 (001) Data 000000196D
BC Command Timeout 100 (099) Data 0000000033
BD High Fly Writes (WDC) 100 (100) Data 0000000000
BE Temperature Difference from 100 060 (050) Data 0028200028
BF G-sense error rate 100 (100) Data 00000000B7
C0 Power-off Retract Count 100 (100) Data 0000000000
C1 Load/Unload Cycle Count 087 (087) Data 0000006CA8
C2 Temperature 040 (050) Data 0000000028
C3 Hardware ECC Recovered 047 (037) Data 000081C834
C5 Current Pending Sector Count 100 (100) Data 0000000001
C6 Uncorrectable Sector Count 100 (100) Data 0000000001
C7 UltraDMA CRC Error Count 200 (200) Data 0000000000
FE Free Fall Protection 100 (100) Data 0000000000
Temperature 40 °C
Temperature Range ok (less than 50 °C)
Status Good
Partition 0
Partition ID Disk #0, Partition #0
Size 14.0 GB
Partition 1
Partition ID Disk #0, Partition #1
Size 101 MB
Partition 2
Partition ID Disk #0, Partition #2
Disk Letter C:
File System NTFS
Volume Serial Number 98728F94
Size 219GB
Used Space 111GB (51%)
Free Space 108GB (49%)
Optical Drives
MATSHITA DVD-RAM UJ890AS ATA Device
Media Type DVD Writer
Name MATSHITA DVD-RAM UJ890AS ATA Device
Availability Running/Full Power
Capabilities Random Access, Supports Writing, Supports Removable Media
Config Manager Error Code Device is working properly
Config Manager User Config FALSE
Drive D:
Media Loaded FALSE
SCSI Bus 1
SCSI Logical Unit 0
SCSI Port 1
SCSI Target Id 0
Status OK
Audio
Sound Cards
ATI HDMI Audio
Realtek High Definition Audio
Playback Device
Speakers (Realtek High Definition Audio)
Recording Device
Microphone (Realtek High Definition Audio)
Speaker Configuration
Speaker type Stereo
Peripherals
Standard PS/2 Keyboard
Device Kind Keyboard
Device Name Standard PS/2 Keyboard
Location plugged into keyboard port
Driver
Date 6-21-2006
Version 6.1.7601.17514
File C:\Windows\system32\DRIVERS\i8042prt.sys
File C:\Windows\system32\DRIVERS\kbdclass.sys
HID-compliant mouse
Device Kind Mouse
Device Name HID-compliant mouse
Vendor Logitech
Location USB Input Device
Driver
Date 6-21-2006
Version 6.1.7600.16385
File C:\Windows\system32\DRIVERS\mouhid.sys
File C:\Windows\system32\DRIVERS\mouclass.sys
Synaptics PS/2 Port TouchPad
Device Kind Mouse
Device Name Synaptics PS/2 Port TouchPad
Location plugged into PS/2 mouse port
Driver
Date 12-10-2009
Version 14.0.19.0
File C:\Windows\system32\DRIVERS\SynTP.sys
File C:\Windows\system32\SynTPAPI.dll
File C:\Windows\system32\SynCOM.dll
File C:\Windows\system32\SynCtrl.dll
File C:\Program Files\Synaptics\SynTP\SynTPRes.dll
File C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
File C:\Program Files\Synaptics\SynTP\SynCntxt.rtf
File C:\Program Files\Synaptics\SynTP\SynZMetr.exe
File C:\Program Files\Synaptics\SynTP\SynMood.exe
File C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
File C:\Program Files\Synaptics\SynTP\SynTPCOM.dll
File C:\Program Files\Synaptics\SynTP\Tutorial.exe
File C:\Program Files\Synaptics\SynTP\InstNT.exe
File C:\Program Files\Synaptics\SynTP\SynISDLL.dll
File C:\Program Files\Synaptics\SynTP\SynUnst.ini
File C:\Program Files\Synaptics\SynTP\SynChiralRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynFlick.mpg
File C:\Program Files\Synaptics\SynTP\SynPinch.mpg
File C:\Program Files\Synaptics\SynTP\SynMomentum.mpg
File C:\Program Files\Synaptics\SynTP\SynLinearVHScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynChiralVHScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynTwoFingerVHScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynPivotRotate_ChiralRotate.mpg
File C:\Program Files\Synaptics\SynTP\SynThreeFingerFlick.mpg
File C:\Program Files\Synaptics\SynTP\SynThreeFingersDown.mpg
File C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
File C:\Program Files\Synaptics\SynTP\fx04.wav
File C:\Program Files\Synaptics\SynTP\SynAcer.exe
File C:\Program Files\Synaptics\SynTP\SynAcerCpl.cpl
File C:\Program Files\Synaptics\SynTP\SynTwoFingerVScroll.mpg
File C:\Program Files\Synaptics\SynTP\SynFlickLR.mpg
File C:\Windows\SysWOW64\SynCOM.dll
File C:\Windows\SysWOW64\SynCtrl.dll
File C:\Windows\SysWOW64\SynTPCOM.dll
File C:\Windows\system32\DRIVERS\i8042prt.sys
File C:\Windows\system32\DRIVERS\mouclass.sys
File C:\Windows\system32\SynTPCo4.dll
File C:\Windows\system32\WdfCoInstaller01009.dll
USB Video Device
Device Kind Camera/scanner
Device Name USB Video Device
Vendor Unknown
Comment 1.3M WebCam
Location USB Composite Device
Driver
Date 6-21-2006
Version 6.1.7601.17514
File C:\Windows\system32\drivers\usbvideo.sys
Network
You are connected to the internet
Connected through Atheros AR5B93 Wireless Network Adapter
IP Address 192.168.0.100
Subnet mask 255.255.255.0
Gateway server 192.168.0.1
Preferred DNS server 192.168.0.1
DHCP Enabled
DHCP server 192.168.0.1
External IP Address 74.197.185.136
Adapter Type IEEE 802.11 wireless
NetBIOS over TCP/IP Enabled via DHCP
NETBIOS Node Type Hybrid node
Link Speed 0 kbps
Computer Name
NetBIOS Name DESTINY_LAPTOP
DNS Name Destiny_Laptop
Domain Name Destiny_Laptop
Remote Desktop
Console
State Active
Domain Destiny_Laptop
WinInet Info
LAN Connection
Local system uses a local area network to connect to the Internet
Local system has RAS to connect to the Internet
Wi-Fi Info
Using native Wi-Fi API version 2
Available access points count 1
Wi-Fi (Mullens Family)
SSID Mullens Family
Frequency 2412000 kHz
Channel Number 1
Name No name
Signal Strength/Quality 68
Security Enabled
State The interface is connected to a network
Dot11 Type Infrastructure BSS network
Network Connectible
Network Flags Currently Connected to this network
Cipher Algorithm to be used when joining this network AES-CCMP algorithm
Default Auth used to join this network for the first time 802.11i RSNA algorithm that uses PSK
WinHTTPInfo
WinHTTPSessionProxyType No proxy
Session Proxy
Session Proxy Bypass
Connect Retries 5
Connect Timeout 60000
HTTP Version HTTP 1.1
Max Connects Per 1.0 Servers INFINITE
Max Connects Per Servers INFINITE
Max HTTP automatic redirects 10
Max HTTP status continue 10
Send Timeout 30000
IEProxy Auto Detect No
IEProxy Auto Config
IEProxy
IEProxy Bypass
Default Proxy Config Access Type No proxy
Default Config Proxy
Default Config Proxy Bypass
Sharing and Discovery
Network Discovery Enabled
File and Printer Sharing Enabled
Media Sharing Enabled
Adapters List
Atheros AR5B93 Wireless Network Adapter
IP Address 192.168.0.100
Subnet mask 255.255.255.0
Gateway server 192.168.0.1
Broadcom NetLink ™ Gigabit Ethernet
IP Address 0.0.0.0
Subnet mask 0.0.0.0
Gateway server 0.0.0.0
Network Shares
Users C:\Users
wont delete E:\
Destiny E:\
Lexmark 2500 Series Lexmark 2500 Series,LocalsplOnly
Current TCP Connections
AppleMobileDeviceService.exe (1640)
Local 127.0.0.1:49154 ESTABLISHED Remote 127.0.0.1:5354 (Querying... )
Local 127.0.0.1:27015 LISTEN
AvastSvc.exe (1440)
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50844 (Querying... )
Local 127.0.0.1:12025 LISTEN
Local 127.0.0.1:12080 LISTEN
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50807 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50839 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50842 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50843 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50845 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50846 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50847 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50848 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50849 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50858 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50861 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50866 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50867 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50870 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50872 (Querying... )
Local 127.0.0.1:12080 ESTABLISHED Remote 127.0.0.1:50881 (Querying... )
Local 127.0.0.1:12110 LISTEN
Local 127.0.0.1:12119 LISTEN
Local 127.0.0.1:12143 LISTEN
Local 127.0.0.1:12465 LISTEN
Local 127.0.0.1:12563 LISTEN
Local 127.0.0.1:12993 LISTEN
Local 127.0.0.1:12995 LISTEN
Local 192.168.0.100:50851 ESTABLISHED Remote 216.137.43.44:80 (Querying... ) (HTTP)
Local 192.168.0.100:50808 ESTABLISHED Remote 74.125.45.113:80 (Querying... ) (HTTP)
Local 192.168.0.100:50841 ESTABLISHED Remote 74.54.247.132:80 (Querying... ) (HTTP)
Local 192.168.0.100:50850 ESTABLISHED Remote 184.30.12.20:80 (Querying... ) (HTTP)
Local 192.168.0.100:50852 ESTABLISHED Remote 23.0.225.55:80 (Querying... ) (HTTP)
Local 192.168.0.100:50853 ESTABLISHED Remote 216.137.43.44:80 (Querying... ) (HTTP)
Local 192.168.0.100:50854 ESTABLISHED Remote 216.137.43.44:80 (Querying... ) (HTTP)
Local 192.168.0.100:50855 ESTABLISHED Remote 216.137.43.44:80 (Querying... ) (HTTP)
Local 192.168.0.100:50856 ESTABLISHED Remote 216.137.43.44:80 (Querying... ) (HTTP)
Local 192.168.0.100:50857 ESTABLISHED Remote 216.137.43.44:80 (Querying... ) (HTTP)
Local 192.168.0.100:50859 ESTABLISHED Remote 69.171.229.15:80 (Querying... ) (HTTP)
Local 192.168.0.100:50863 ESTABLISHED Remote 74.125.227.6:80 (Querying... ) (HTTP)
Local 192.168.0.100:50868 ESTABLISHED Remote 184.30.12.20:80 (Querying... ) (HTTP)
Local 192.168.0.100:50869 ESTABLISHED Remote 23.0.225.55:80 (Querying... ) (HTTP)
Local 192.168.0.100:50871 ESTABLISHED Remote 96.7.41.11:80 (Querying... ) (HTTP)
Local 192.168.0.100:50873 ESTABLISHED Remote 184.30.5.115:80 (Querying... ) (HTTP)
Local 192.168.0.100:50882 ESTABLISHED Remote 174.133.98.146:80 (Querying... ) (HTTP)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4804)
Local 127.0.0.1:49258 ESTABLISHED Remote 127.0.0.1:49257 (Querying... )
Local 127.0.0.1:50866 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50867 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50870 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50872 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50881 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50839 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49257 ESTABLISHED Remote 127.0.0.1:49258 (Querying... )
Local 127.0.0.1:50842 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:49254 ESTABLISHED Remote 127.0.0.1:49253 (Querying... )
Local 127.0.0.1:49253 ESTABLISHED Remote 127.0.0.1:49254 (Querying... )
Local 127.0.0.1:50843 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50844 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50845 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50846 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50847 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50848 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50849 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50858 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50861 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:50807 ESTABLISHED Remote 127.0.0.1:12080 (Querying... )
C:\Program Files\AVAST Software\Avast\AvastUI.exe (2408)
Local 192.168.0.100:50647 CLOSE-WAIT Remote 174.132.231.83:443 (Querying... ) (HTTPS)
Local 192.168.0.100:50649 CLOSE-WAIT Remote 174.132.231.83:443 (Querying... ) (HTTPS)
Local 192.168.0.100:50650 CLOSE-WAIT Remote 208.43.71.156:443 (Querying... ) (HTTPS)
Local 192.168.0.100:50651 CLOSE-WAIT Remote 208.43.71.156:443 (Querying... ) (HTTPS)
C:\Users\Destiny\AppData\Local\Akamai\netsession_win.exe (2584)
Local 192.168.0.100:50552 ESTABLISHED Remote 209.107.220.172:443 (Querying... ) (HTTPS)
Local 127.0.0.1:9423 LISTEN
Local 127.0.0.1:9422 LISTEN
Local 127.0.0.1:9421 LISTEN
Local 0.0.0.0:50221 LISTEN
System Process
Local 127.0.0.1:5357 TIME-WAIT Remote 127.0.0.1:50834 (Querying... )
Local 127.0.0.1:12080 TIME-WAIT Remote 127.0.0.1:50874 (Querying... )
Local 127.0.0.1:50864 TIME-WAIT Remote 127.0.0.1:12080 (Querying... )
Local 127.0.0.1:12080 TIME-WAIT Remote 127.0.0.1:50832 (Querying... )
Local 127.0.0.1:12080 TIME-WAIT Remote 127.0.0.1:50837 (Querying... )
Local 127.0.0.1:12080 TIME-WAIT Remote 127.0.0.1:50860 (Querying... )
Local 192.168.0.100:50887 TIME-WAIT Remote 174.133.64.236:80 (Querying... ) (HTTP)
Local 192.168.0.100:50835 TIME-WAIT Remote 192.168.0.197:139 (Querying... ) (NetBIOS session service)
Local 192.168.0.100:50824 TIME-WAIT Remote 192.168.0.197:139 (Querying... ) (NetBIOS session service)
Local 192.168.0.100:50806 TIME-WAIT Remote 74.125.227.10:80 (Querying... ) (HTTP)
System Process
Local 0.0.0.0:445 (Windows shares) LISTEN
Local [00:00:00:00:00:00:00:00]:10243 LISTEN
Local 0.0.0.0:2869 LISTEN
Local [00:00:00:00:00:00:00:00]:5357 LISTEN
Local 0.0.0.0:5357 LISTEN
Local 0.0.0.0:10243 LISTEN
Local 192.168.0.100:139 (NetBIOS session service) LISTEN
Local [00:00:00:00:00:00:00:00]:2869 LISTEN
Local [00:00:00:00:00:00:00:00]:445 LISTEN
lsass.exe (640)
Local 0.0.0.0:5002 LISTEN
Local [00:00:00:00:00:00:00:00]:5002 LISTEN
lxddcoms.exe (2280)
Local 0.0.0.0:10004 LISTEN
mDNSResponder.exe (2060)
Local 127.0.0.1:5354 LISTEN
Local 127.0.0.1:5354 ESTABLISHED Remote 127.0.0.1:49154 (Querying... )
services.exe (624)
Local 0.0.0.0:5004 LISTEN
Local [00:00:00:00:00:00:00:00]:5004 LISTEN
spoolsv.exe (2008)
Local [00:00:00:00:00:00:00:00]:5005 LISTEN
Local 0.0.0.0:5005 LISTEN
svchost.exe (4364)
Local [fe80:00:00:00:1dad:45c5:adb:9f5a]:50634 ESTABLISHED Remote [fe80:00:00:00:a05a:84a7:993:8e93]:3587 (Querying... )
Local [00:00:00:00:00:00:00:00]:3587 LISTEN
svchost.exe (516)
Local 0.0.0.0:5003 LISTEN
Local [00:00:00:00:00:00:00:00]:5003 LISTEN
svchost.exe (840)
Local 0.0.0.0:135 (DCE) LISTEN
Local [00:00:00:00:00:00:00:00]:135 LISTEN
svchost.exe (976)
Local 0.0.0.0:5001 LISTEN
Local [00:00:00:00:00:00:00:00]:5001 LISTEN
wininit.exe (520)
Local 0.0.0.0:5000 LISTEN
Local [00:00:00:00:00:00:00:00]:5000 LISTEN
wmpnetwk.exe (4504)
Local [00:00:00:00:00:00:00:00]:554 LISTEN
Local 0.0.0.0:554 LISTEN


Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 52.96 0 K 24 K
procexp64.exe 3444 14.77 22,428 K 40,772 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
WDSmartWare.exe 984 7.40 165,608 K 125,940 K WD SmartWare Western Digital
svchost.exe 1636 5.48 7,408 K 7,996 K Host Process for Windows Services Microsoft Corporation
Interrupts n/a 4.97 0 K 0 K Hardware Interrupts and DPCs
svchost.exe 760 2.27 4,416 K 7,360 K Host Process for Windows Services Microsoft Corporation
dwm.exe 1692 2.10 36,680 K 35,656 K Desktop Window Manager Microsoft Corporation
explorer.exe 1708 1.64 40,232 K 55,060 K Windows Explorer Microsoft Corporation
lsass.exe 640 1.54 5,760 K 11,268 K Local Security Authority Process Microsoft Corporation
SynTPEnh.exe 2596 1.52 9,924 K 10,016 K Synaptics TouchPad Enhancements Synaptics Incorporated
csrss.exe 528 1.26 3,348 K 15,568 K Client Server Runtime Process Microsoft Corporation
System 4 1.17 156 K 1,792 K
WDDMService.exe 2652 0.63 76,752 K 15,268 K WD Drive Manager Service WDC
AvastUI.exe 2408 0.35 12,992 K 5,464 K avast! Antivirus AVAST Software
netsession_win.exe 2584 0.27 7,072 K 10,312 K Akamai NetSession Client Akamai Technologies, Inc
ePowerTray.exe 2660 0.25 3,528 K 6,576 K ePowerTray Acer Incorporated
svchost.exe 1068 0.25 10,760 K 15,864 K Host Process for Windows Services Microsoft Corporation
ePowerEvent.exe 3836 0.21 1,684 K 2,892 K ePowerEvent Acer Incorporated
svchost.exe 2180 0.20 9,552 K 21,924 K Host Process for Windows Services Microsoft Corporation
WDDMStatus.exe 228 0.19 5,920 K 7,244 K WD Drive Manager WDC
sidebar.exe 2704 0.10 19,400 K 32,508 K Windows Desktop Gadgets Microsoft Corporation
svchost.exe 976 0.09 21,740 K 19,580 K Host Process for Windows Services Microsoft Corporation
AvastSvc.exe 1440 0.09 24,152 K 31,092 K avast! Service AVAST Software
svchost.exe 1344 0.08 28,928 K 30,168 K Host Process for Windows Services Microsoft Corporation
lsm.exe 648 0.04 2,876 K 3,540 K Local Session Manager Service Microsoft Corporation
SbieCtrl.exe 2812 0.03 3,608 K 7,428 K Sandboxie Control SANDBOXIE L.T.D
svchost.exe 2196 0.02 77,504 K 27,808 K Host Process for Windows Services Microsoft Corporation
svchost.exe 516 0.02 31,712 K 42,588 K Host Process for Windows Services Microsoft Corporation
AppleMobileDeviceService.exe 1640 0.02 2,872 K 5,824 K MobileDeviceService Apple Inc.
svchost.exe 2044 0.02 12,372 K 14,212 K Host Process for Windows Services Microsoft Corporation
services.exe 624 0.01 6,272 K 8,088 K Services and Controller app Microsoft Corporation
csrss.exe 452 0.01 2,048 K 3,320 K Client Server Runtime Process Microsoft Corporation
WLIDSVC.EXE 3276 0.01 6,972 K 9,696 K Microsoft® Windows Live ID Service Microsoft Corp.
wmpnetwk.exe 4504 < 0.01 18,504 K 13,656 K Windows Media Player Network Sharing Service Microsoft Corporation
IScheduleSvc.exe 2416 < 0.01 5,372 K 9,096 K Backup Manager Module NewTech Infosystems, Inc.
SPUVolumeWatcher.exe 992 < 0.01 1,836 K 4,320 K Media Check Tool Sony Corporation
netsession_win.exe 3060 < 0.01 2,824 K 3,764 K Akamai NetSession Client Akamai Technologies, Inc
lxddserv.exe 2236 < 0.01 1,496 K 2,156 K Lexmark Connect Service Executable Lexmark International, Inc.
dsiwmis.exe 2120 < 0.01 2,708 K 4,216 K Dritek WMI Service Dritek System Inc.
svchost.exe 332 < 0.01 65,536 K 69,372 K Host Process for Windows Services Microsoft Corporation
YahooAUService.exe 3296 2,284 K 4,280 K AutoUpater Service Module Yahoo! Inc.
WmiPrvSE.exe 3664 20,468 K 25,144 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 3340 1,532 K 2,136 K Microsoft® Windows Live ID Service Monitor Microsoft Corp.
winlogon.exe 568 2,904 K 5,128 K Windows Logon Application Microsoft Corporation
wininit.exe 520 1,884 K 2,804 K Windows Start-Up Application Microsoft Corporation
WDSmartWareBackgroundService.exe 2900 23,956 K 10,644 K WDSmartWareBackgroundService Memeo
UpdaterService.exe 2512 1,360 K 2,524 K Updater Service Acer Group
unsecapp.exe 3588 2,200 K 4,680 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
UnlockerAssistant.exe 2316 1,276 K 2,696 K
SynTPHelper.exe 4264 1,716 K 2,844 K Synaptics Pointing Device Helper Synaptics Incorporated
svchost.exe 840 4,568 K 6,800 K Host Process for Windows Services Microsoft Corporation
svchost.exe 4364 10,868 K 13,664 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2468 2,420 K 4,724 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3156 2,736 K 4,696 K Host Process for Windows Services Microsoft Corporation
spoolsv.exe 2008 8,608 K 10,936 K Spooler SubSystem App Microsoft Corporation
smss.exe 304 396 K 708 K Windows Session Manager Microsoft Corporation
SbieSvc.exe 1136 2,152 K 2,520 K Sandboxie Service SANDBOXIE L.T.D
RAVCpl64.exe 2520 9,536 K 7,236 K Realtek HD Audio Manager Realtek Semiconductor
procexp.exe 3480 2,492 K 9,484 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
PLFSetI.exe 2644 2,688 K 5,864 K DefaultSettingEXE MFC Application
NLSSRV32.EXE 2328 960 K 1,848 K This service enables products that use the Nalpeiron Licensing System Nalpeiron Ltd.
MMDx64Fx.exe 3164 2,136 K 3,112 K MMDx64Fx Application Dritek System Inc.
mDNSResponder.exe 2060 2,420 K 4,412 K Bonjour Service Apple Inc.
lxddcoms.exe 2280 2,316 K 3,748 K Printer Communication System
LMworker.exe 3228 1,308 K 2,580 K Launch Manager Worker Dritek System Inc.
LManager.exe 2844 11,848 K 8,200 K Launch Manager Keyboard Application Dritek System Inc.
jusched.exe 2908 1,340 K 2,512 K Java™ Update Scheduler Sun Microsystems, Inc.
GREGsvc.exe 2208 992 K 2,048 K Global Registration Service Acer Incorporated
ePowerSvc.exe 2156 2,664 K 4,356 K ePowerSvc Acer Incorporated
dllhost.exe 2796 2,400 K 5,000 K COM Surrogate Microsoft Corporation
audiodg.exe 2724 16,840 K 17,496 K Windows Audio Device Graph Isolation Microsoft Corporation
atiesrxx.exe 888 1,776 K 2,956 K AMD External Events Service Module AMD
atieclxx.exe 1160 2,548 K 4,900 K AMD External Events Client Module AMD
armsvc.exe 1056 1,424 K 2,300 K Adobe Acrobat Update Service Adobe Systems Incorporated
  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Process Explorer is showing System Idle at only:

System Idle Process 0 52.96 0 K 24 K

This should be much higher - over 90%

You are running WDSmartWare.exe.

WDSmartWare.exe 984 7.40 165,608 K 125,940 K WD SmartWare Western Digital

Believe this is a program to make backups of the drive to an external drive. Can you stop the backup process?

Another line in Process Explorer that looks way too high is:

Interrupts n/a 4.97 0 K 0 K Hardware Interrupts and DPCs

Appears this is a laptop. This is often caused by a bad battery on a laptop. Interrupts n/a should normally be around 1.0 and, due to its nature, its influence is really a multiple of the CPU usage. Shut down, remove the main battery and boot back up and run Process Explorer again and post the log.



The PC is running a bit hotter than I like.

AMD V120 57 °C


Around 50 would be better.
It may be time for a good cleaning with a vacuum cleaner.
Try SpeedFan:

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check the box Automatic Fan Speed on the front page.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.
Also prop up the back of the laptop with a book (don't block the vents). If it's like my daughter's Dell laptop, which I worked on this week, it uses a heat pipe to transmit heat from the CPU to the heatsink. I don't think it works all that well. Propping it up in the back lets the heat rise to the heatsink, which should make it cool a bit better.

What make and model number is this PC?

Ron

PS: Process Explorer from my pc:
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 89.29 0 K 24 K
procexp.exe 528 5.54 11,824 K 20,268 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 1.29 0 K 0 K Hardware Interrupts and DPCs
plugin-container.exe 5012 0.70 20,684 K 25,532 K Plugin Container for Firefox Mozilla Corporation
dwm.exe 3804 0.67 37,112 K 37,104 K Desktop Window Manager Microsoft Corporation
csrss.exe 772 0.59 2,864 K 13,700 K Client Server Runtime Process Microsoft Corporation
svchost.exe 996 0.44 3,428 K 7,680 K Host Process for Windows Services Microsoft Corporation
firefox.exe 5032 0.37 282,196 K 310,692 K Firefox Mozilla Corporation
System 4 0.36 84 K 14,260 K
  • 0
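The two checks from post #14, as an added example that is not part of the thread: a Python parser for Process Explorer rows in the space-flattened form they have on this page, flagging System Idle below the post's 90% and Interrupts above a cutoff. The function names and the 2.0% interrupts cutoff are assumptions (the post only says "around 1.0").

```python
import re

# One row of a Process Explorer text export as it appears in this thread
# (columns flattened to single spaces): name, PID, optional CPU, two "N K" sizes.
ROW = re.compile(
    r"^(?P<name>.+?) (?P<pid>\d+|n/a)(?: (?P<cpu><? ?\d+\.\d+))?"
    r" (?P<private>[\d,]+) K (?P<working>[\d,]+) K ?(?P<rest>.*)$")

def parse_rows(text):
    """Return one dict per process row; header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        cpu = m["cpu"] or "0"  # blank CPU column: nothing measured in the sample
        rows.append({"name": m["name"], "pid": m["pid"],
                     "cpu": 0.0 if cpu.startswith("<") else float(cpu),  # "< 0.01" -> 0
                     "working_kb": int(m["working"].replace(",", ""))})
    return rows

def triage(rows, idle_min=90.0, interrupts_max=2.0, top=3):
    """idle_min follows the post ("over 90%"); interrupts_max is an assumed cutoff
    for "around 1.0" that still passes the 1.29 in the helper's own log."""
    by_name = {r["name"]: r for r in rows}
    findings = []
    idle = by_name.get("System Idle Process")
    if idle and idle["cpu"] < idle_min:
        findings.append(f"idle {idle['cpu']:.2f}% is below {idle_min:.0f}%")
    irq = by_name.get("Interrupts")
    if irq and irq["cpu"] > interrupts_max:
        findings.append(f"interrupts/DPCs {irq['cpu']:.2f}% is above {interrupts_max:.1f}%")
    busy = sorted((r for r in rows if r["name"] not in ("System Idle Process", "Interrupts")),
                  key=lambda r: r["cpu"], reverse=True)[:top]
    return findings, [(r["name"], r["pid"], r["cpu"]) for r in busy]

# Rows copied from the two logs posted in this thread.
SLOW_PC = """System Idle Process 0 52.96 0 K 24 K
procexp64.exe 3444 14.77 22,428 K 40,772 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
WDSmartWare.exe 984 7.40 165,608 K 125,940 K WD SmartWare Western Digital
Interrupts n/a 4.97 0 K 0 K Hardware Interrupts and DPCs
wmpnetwk.exe 4504 < 0.01 18,504 K 13,656 K Windows Media Player Network Sharing Service Microsoft Corporation
winlogon.exe 568 2,904 K 5,128 K Windows Logon Application Microsoft Corporation"""
HELPER_PC = """Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 89.29 0 K 24 K
Interrupts n/a 1.29 0 K 0 K Hardware Interrupts and DPCs
firefox.exe 5032 0.37 282,196 K 310,692 K Firefox Mozilla Corporation"""
if __name__ == "__main__":
    print(triage(parse_rows(SLOW_PC)), triage(parse_rows(HELPER_PC)), sep="\n")
```

The list of busiest processes returned alongside the findings shows where the missing idle time is going, which is the next thing to look at once a row is flagged.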

#15
Jasmyne

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 2,010 posts
Just got done with the avast! scan...

2 things:
C:\Program Files (x86)\WinRAR\Formats\gz.fmt Status: Error: Data error (cyclic redundancy check) (23)

C:\Windows\SysWOW64\C_220107.NLS Severity: High Status: Threat: Win32:Agent-AMPY [Trj] Action: Moved to Chest

Now on to what you just posted :)
  • 0





