Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Another freezing computer

Started by womanandmom , Dec 11 2011 12:35 PM

  • Please log in to reply

#1
womanandmom
Posted 11 December 2011 - 12:35 PM

womanandmom

    Member

  • Member
  • PipPip
  • 82 posts
Mine seems to be attached to browser use, especially when loading a new page. It just stops loading, the browser (firefox) goes "Not Responding" and I usually have to ctrl+alt+del and bring up the task manager to bring it back to life. This has been going on for a few weeks, but I can't think of anything that may have caused it. No new programs or drivers installed.
I had run ad-aware and found a Trojan which was removed. I've ran it again and it's been clean.
I've used CCleaner to clean everything up, but that doesn't seem to help.
Honestly, I've had nothing but trouble with this computer since I got it..but we're in no position to buy a new one.

Here is the thread I was using for some help in the Vista forum
http://www.geekstogo...00#entry2093400

OTL Log:

OTL logfile created on: 11/12/2011 11:26:35 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Home\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 47.37% Memory free
3.99 Gb Paging File | 2.95 Gb Available in Paging File | 74.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.21 Gb Total Space | 132.20 Gb Free Space | 45.71% Space Free | Partition Type: NTFS
Drive D: | 8.88 Gb Total Space | 1.20 Gb Free Space | 13.51% Space Free | Partition Type: NTFS

Computer Name: HOMEPC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/11 11:25:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL.exe
PRC - [2011/11/28 11:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/11/17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/11/09 11:45:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/17 12:06:29 | 008,527,008 | ---- | M] () -- C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/09 11:45:00 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/20 21:25:27 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/01 16:06:40 | 000,014,088 | ---- | M] (Memeo) [On_Demand | Stopped] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/24 07:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 10:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 10:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 10:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 10:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 10:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 10:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/22 12:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2010/02/04 23:20:22 | 000,012,672 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HP8107.sys -- (HP8107Fltr)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.mydidsbury.ca/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.148
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Home\AppData\Local\Roblox\Versions\version-844560f43f354d3f\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/15 17:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/28 22:33:20 | 000,000,000 | ---D | M]

[2010/11/12 20:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2010/11/12 20:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/25 16:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions
[2011/02/27 15:53:12 | 000,000,000 | ---D | M] () -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/08/25 15:58:18 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/14 21:45:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/25 16:24:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/19 10:50:45 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions\[email protected]
[2011/11/09 11:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/14 17:23:39 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/10/28 13:18:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/09 11:45:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/02 16:44:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 11:45:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Home\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3363453D-B9B3-4164-BA82-D746AF59F19B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/03 12:09:59 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d523c901-3570-11e0-8087-001d60d123f1}\Shell - "" = AutoRun
O33 - MountPoints2\{d523c901-3570-11e0-8087-001d60d123f1}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/05 22:39:57 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{487FAAA1-7D1B-41D3-94FF-D912ECD8E5E9}
[2011/12/05 22:39:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6D7FA80A-4473-4129-B69D-DEF2A41AD6F3}
[2011/12/05 22:00:00 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{601CD56A-F1B4-4B48-9A36-C39206FCE630}
[2011/12/04 15:00:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8DAB4A24-2DF4-49D7-9E7C-172B91A4819D}
[2011/12/04 14:59:33 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{86174AD7-B808-4632-B690-B167D547250C}
[2011/12/04 02:59:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F92143F6-10CB-490E-9D7A-F355107E6C6A}
[2011/12/04 02:58:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F7781457-726E-44B6-B602-C7B85390AF0B}
[2011/12/03 14:58:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{36F244C4-9E21-442C-AF42-82EBD68E7742}
[2011/12/03 14:58:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{E94406BC-9AA3-458F-ACD6-179DF1CC9148}
[2011/12/02 23:38:18 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8B5E6C03-F0B4-4682-875F-39586F1983E3}
[2011/12/02 23:38:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{CC731B67-18F3-4C9A-9EC6-3B296AF46153}
[2011/12/02 11:37:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{06D959BE-7F7D-4309-9496-07A7D458F246}
[2011/12/02 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{56572B07-142F-4081-85CA-51D3C984C54D}
[2011/12/01 23:37:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{478EE3B1-1A9B-41EF-94AC-FA9F40C80967}
[2011/12/01 23:36:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{84347A3B-8113-4B3E-9709-91022119701E}
[2011/12/01 11:36:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{76E1E5EA-DEDA-4809-B2C4-177ABADBA1FB}
[2011/12/01 11:35:34 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{38927782-984A-44A7-AF03-32A6270F4CE4}
[2011/11/30 23:35:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{14241E2F-5373-4B3D-AFFE-83470DA87E8D}
[2011/11/30 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1C558F9A-21C8-4588-A5E2-2FE26D18634D}
[2011/11/30 11:34:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6C65F25E-0387-4E72-92C4-B5633CC7CED6}
[2011/11/30 11:34:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C88953EE-2007-4CC8-B736-D4DA0E3C6E85}
[2011/11/29 23:34:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{50E3E953-7108-43F8-A67E-25F096E8AD59}
[2011/11/29 23:34:03 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{30BEFDD4-EDDC-4594-8B5E-1ED3850E785C}
[2011/11/29 11:33:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{19DE920F-7A68-45A8-BDD6-B9F4C9833F53}
[2011/11/29 11:33:38 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{FA8AFA17-E427-4471-BC8B-6C64FA743701}
[2011/11/28 23:33:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{61E2DEE4-25D6-4DEF-AE57-78E486D94EBD}
[2011/11/28 23:32:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{96BF493A-BE89-487E-A22F-7DB9514175E1}
[2011/11/28 22:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/28 11:32:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A35C8ABB-3852-4A89-BAC0-45B724216A12}
[2011/11/28 11:32:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{CA23B17C-2731-4F55-9923-D2050C297A47}
[2011/11/27 23:31:57 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{EF354118-0E61-42CC-B284-B85F3186CE30}
[2011/11/27 23:31:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1EEEF8AE-C235-428E-A3C7-124865140D05}
[2011/11/27 18:23:48 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
[2011/11/27 18:21:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Roblox
[2011/11/27 11:31:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{4357C263-67FF-4DA3-B06A-221E0AC81FD2}
[2011/11/27 11:31:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{EEFB06E1-2B66-4452-9E3D-F129AFC9A440}
[2011/11/26 22:47:26 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B3034F12-E916-4F33-B3AD-6A100FDC05FE}
[2011/11/26 22:46:51 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{99EFC82D-F824-49E8-8A75-FCD2A63F7972}
[2011/11/26 10:46:39 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{BC42D2D6-99F0-42F6-A268-F7511C37114D}
[2011/11/26 10:46:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{781771CA-D2FC-4600-9109-9FBEE901CF10}
[2011/11/25 22:23:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{20AD0FD8-947E-43F3-8B71-1CA5DFD38DAB}
[2011/11/25 22:22:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{43B1FCED-E046-43B6-B24A-DEDFBD3F7C01}
[2011/11/25 10:22:28 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D40C3486-E26E-4A41-B1A3-DC3BC2289B19}
[2011/11/25 10:21:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{E26A47F8-83B9-430F-B8F4-D014A065E4C8}
[2011/11/24 22:21:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1C3229FB-78D2-4670-B444-8E25A4D2422A}
[2011/11/24 22:21:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F28CF0F7-3403-456E-B1B2-EBD9D1F7D28A}
[2011/11/24 10:20:56 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{ECD0CD73-2F8B-4E63-8D21-757FDBA7E512}
[2011/11/24 10:20:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D6A09B99-EB40-4BDE-9336-610FBFAE7A3C}
[2011/11/23 22:20:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C801CA8A-0588-4925-BC46-C6CEF4F2FFE9}
[2011/11/23 22:20:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3FA4485E-AD3E-4B21-ABC5-EE129D66B7A5}
[2011/11/23 10:19:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A3200E17-F956-4AEE-A098-E18A66239BBB}
[2011/11/23 10:19:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3445F4CD-9F39-445A-807A-93F63045782F}
[2011/11/22 22:18:57 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8193D54F-2106-4979-9B61-542A27EEBF2F}
[2011/11/22 22:18:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6EC022A6-98CA-4608-B6B5-E05056B2100D}
[2011/11/22 10:18:31 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{DDA52B8E-3555-40FB-A186-483EB44115D3}
[2011/11/22 10:18:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D34CB030-07DB-4A92-BB21-D798F87B0366}
[2011/11/21 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7535311A-2A7F-46A6-AC83-EC58183229EE}
[2011/11/21 22:17:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{934E9E23-5D96-43C9-ADB0-616C070CF3E3}
[2011/11/21 10:17:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{049E1616-F4BA-4A62-B261-FDB76E172B5D}
[2011/11/21 10:16:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{455756A4-AB58-4DAC-B744-F628ADC0E4D1}
[2011/11/20 20:39:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F5D31042-BF07-41F6-92C7-BCABF04769E5}
[2011/11/20 20:39:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C29E1795-5E4D-4C41-9097-C0C70AF573F6}
[2011/11/20 08:39:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{927E3174-C20E-4EB5-A80A-7A27E960666F}
[2011/11/20 08:38:56 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{BA64CB01-0547-476D-8DCC-658C2EBB7046}
[2011/11/19 12:08:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{465CF9BF-1BAF-4948-A1DE-680AE2CBCB89}
[2011/11/19 12:08:29 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8DEF8B21-4773-47BC-9EDB-C0B30DBA9ED5}
[2011/11/19 00:08:03 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{00685735-1708-44D2-B8CA-1822053C2684}
[2011/11/19 00:07:52 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6AE0626F-D1B2-427F-A7C9-0995A86FD699}
[2011/11/18 12:07:39 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{EC56558A-FBA7-4B80-8992-C5F7ECF8E31C}
[2011/11/18 12:07:28 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A3B7B146-D917-4395-81EF-18434E00A19A}
[2011/11/18 00:07:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{FAE59918-FFE1-4F6B-B041-B305F0FF336D}
[2011/11/18 00:06:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B835ED44-06E0-40A9-9A8C-38E7D66F7A4B}
[2011/11/17 12:06:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6EA71EAC-DA59-4F85-A996-2E56730B9A54}
[2011/11/17 12:06:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{0E1D0EB1-4779-4250-845F-B53AE81810B0}
[2011/11/16 22:49:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{52F00D34-95E6-4FBF-BF42-D0733D4F3287}
[2011/11/16 22:49:17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{2F060A44-D204-42DC-B296-7B8058A9A6C9}
[2011/11/16 20:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/16 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{747210D9-E3EC-4BBB-A5D5-4230EE86906D}
[2011/11/16 10:48:26 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{AC9D238C-AC7D-4DAD-92B5-F76BF5E57A62}
[2011/11/15 22:48:13 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B069B466-0EB9-43DA-9DE2-493ABE4F068E}
[2011/11/15 22:48:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B91CABEA-CD05-4ACB-818E-E173035AA667}
[2011/11/15 17:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/15 17:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/15 17:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/15 17:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/15 17:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/15 10:47:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{077AAADD-5674-4BE2-B3BB-5C63CBF27D6C}
[2011/11/15 10:47:38 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{2A5A4F61-4F2E-4030-8D4D-ED975D7C19A8}
[2011/11/14 10:56:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{ADDA29E3-DF80-4657-9893-C3B99B703AB3}
[2011/11/14 10:55:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{140C4387-178E-4282-827A-3557C2035D5E}
[2011/11/13 22:55:31 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{08256861-88E9-4039-A433-C5314412E936}
[2011/11/13 22:54:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7FF35CDC-DA1B-48C0-B7E2-66C7437F96A9}
[2011/11/13 10:54:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C891DB68-2E39-4175-827D-6191488ADB94}
[2011/11/13 10:54:23 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F8738D96-AE07-4B0D-AE0F-12017D1FBE2A}
[2011/11/12 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8048BD00-49BC-484A-B2E8-6DDF9FE68EBE}
[2011/11/12 22:49:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3F5C03E3-8044-4299-B274-A86B9D793A8D}
[2011/11/12 10:49:31 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C2C4175C-50F0-4379-8422-242665465670}
[2011/11/12 10:49:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D73559DC-CB47-4F8E-AC3A-72CBF695D2DF}
[2011/11/11 22:49:04 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{BAB0215A-514F-44C3-9BB3-D9C97D9BD37C}
[2011/11/11 22:48:52 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{652AA74A-27FA-4EC6-B9E4-0C4816192CE2}

========== Files - Modified Within 30 Days ==========

[2011/12/11 11:20:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1553909927-1088209007-267712942-1000UA.job
[2011/12/11 11:18:33 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/11 11:18:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 11:18:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 11:18:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/11 11:18:08 | 2011,717,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/11 11:11:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/09 21:20:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1553909927-1088209007-267712942-1000Core.job
[2011/12/09 12:04:57 | 000,001,082 | ---- | M] () -- C:\Users\Home\Desktop\Play Roblox.lnk
[2011/12/07 00:18:42 | 000,082,905 | ---- | M] () -- C:\Users\Home\bite.jpg
[2011/12/07 00:16:19 | 000,018,451 | ---- | M] () -- C:\Users\Home\add.jpg
[2011/12/05 23:35:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/04 19:37:06 | 000,011,649 | ---- | M] () -- C:\Users\Home\68719714842_AGbd6uY2_c.jpg
[2011/12/03 00:15:16 | 000,031,220 | ---- | M] () -- C:\Users\Home\trooper.jpg
[2011/12/02 23:27:30 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/11/29 21:56:51 | 000,000,680 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2011/11/28 23:21:09 | 000,074,092 | ---- | M] () -- C:\Users\Home\moustache.jpg
[2011/11/28 22:33:22 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/28 11:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 11:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 10:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 10:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 10:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 10:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 10:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 10:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/23 23:58:18 | 000,620,242 | ---- | M] () -- C:\Users\Home\santa chimney vintage image graphicsfairy4c.jpg
[2011/11/22 21:49:42 | 000,200,192 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 12:02:17 | 000,510,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/16 20:16:40 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/15 17:55:56 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/15 17:52:06 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/12/07 00:18:42 | 000,082,905 | ---- | C] () -- C:\Users\Home\bite.jpg
[2011/12/07 00:16:17 | 000,018,451 | ---- | C] () -- C:\Users\Home\add.jpg
[2011/12/04 19:37:05 | 000,011,649 | ---- | C] () -- C:\Users\Home\68719714842_AGbd6uY2_c.jpg
[2011/12/03 00:15:13 | 000,031,220 | ---- | C] () -- C:\Users\Home\trooper.jpg
[2011/11/28 23:21:09 | 000,074,092 | ---- | C] () -- C:\Users\Home\moustache.jpg
[2011/11/28 22:33:22 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/28 22:33:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/27 18:23:48 | 000,001,082 | ---- | C] () -- C:\Users\Home\Desktop\Play Roblox.lnk
[2011/11/23 23:58:05 | 000,620,242 | ---- | C] () -- C:\Users\Home\santa chimney vintage image graphicsfairy4c.jpg
[2011/11/16 20:16:40 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/15 17:55:56 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/15 17:52:06 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/09 12:40:57 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/04/12 17:05:57 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/04/12 17:05:31 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2011/04/12 17:05:31 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2011/04/12 17:05:31 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2011/04/12 17:05:31 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2011/04/12 17:05:31 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2011/04/12 17:05:14 | 000,000,528 | ---- | C] () -- C:\Windows\_delis32.ini
[2011/01/17 19:37:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/12 14:22:53 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/08 09:41:07 | 000,211,868 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/12/11 17:15:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dance Kit
[2010/12/11 17:15:45 | 000,000,268 | RH-- | C] () -- C:\Users\Home\AppData\Roaming\Contextual Menu Items
[2010/12/11 17:15:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/12/02 12:22:47 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2010/11/28 10:58:40 | 000,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat
[2010/11/28 10:37:58 | 000,148,866 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/11/28 10:37:50 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/11/14 21:22:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/14 19:44:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/14 19:44:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/14 18:40:33 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/11/14 17:25:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/14 12:42:19 | 000,025,602 | ---- | C] () -- C:\Windows\System32\veuntli.dll
[2010/11/12 23:46:02 | 000,000,143 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/11/12 20:45:57 | 000,200,192 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/12 20:13:15 | 000,000,010 | ---- | C] () -- C:\Windows\WinInit.ini
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2007/09/03 12:00:47 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/09/03 11:46:49 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/09/03 11:44:21 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/09/03 11:44:21 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/07/19 08:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,510,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,611,664 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,109,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/01/30 14:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\System32\unicows.dll

========== LOP Check ==========

[2011/07/14 13:46:24 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Avery
[2011/07/05 20:46:38 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\BigBrotherLite
[2010/11/14 19:05:59 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Blackberry Desktop
[2011/09/26 11:55:07 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\FrostWire
[2011/04/08 13:49:08 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GARMIN
[2011/05/16 18:39:58 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\KeyingTool
[2010/12/25 12:55:08 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Leadertech
[2010/12/11 17:30:09 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Nikon
[2010/11/14 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Research In Motion
[2010/12/25 13:00:12 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Seagate
[2011/11/18 10:24:04 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Smilebox
[2010/11/12 20:47:38 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Snapfish
[2010/11/12 20:37:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Thunderbird
[2011/07/05 20:19:44 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/11/27 21:39:25 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WinBatch
[2011/12/11 11:16:58 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
RKinner
Posted 12 December 2011 - 06:10 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
This is a lot to do as it includes both a bunch of malware scans and also my "why is the computer running slow" routines. You will need to do multiple replies as the results will otherwise be too big for the forum.

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2011/10/25 16:24:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
type C:\Windows\System32\config.nt /c
     
:Commands
[RESETHOSTS]
[EMPTYJAVA]
[EMPTYFLASH]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. ==> Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted



Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

If you get an error: 'illegal operation attempted on a registery key that has been marked for deletion'
just reboot once and it should go away.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Run OTL

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

I think on Vista the log file can be found in text form in C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt or possible in C:\ProgramData\Avast Software\Avast5\report\aswboot.txt, IF you can find the file please copy and paste it into a reply.




That should reveal any malware. Now let's look for other problems:


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.




Ron
  • 0

#3
womanandmom
Posted 14 December 2011 - 10:51 AM

womanandmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Hi, I am starting o go through this now, but wanted to update you.
This morning my computer would not go past the Boot (HP) screen, after a few tries it started Startup Repair. It restored it to an earlier point. The cause was "A patch is preventing your computer from starting up".
Now it's freezing a LOT..everything I open hangs for a bit.
I don't know if it means anything but when it does freeze and I have to open task manager to jolt it back to life, the performance grid has a large spike (all the way to the top). It's not like that when I open task manager when it's not frozen.
OK..back to scanning!
  • 0

#4
RKinner
Posted 14 December 2011 - 11:04 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Tuesday is when Microsoft releases new patches so you probably got one and it wasn't happy for some reason. Perhaps for whatever reason you are getting the freezing.

We will see what the scans say.
  • 0

#5
womanandmom
Posted 14 December 2011 - 05:02 PM

womanandmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
OK here's where I am at the moment.
Malwarebytes freezes up the computer,
ComboFix gets completes stage 3..then my computer shut down and it did not want to start up again. I finally have it running again but there is no log. I tried Combo Fix twice, the first time it froze up and wasn't working (I left it for like an hour and nothing)
I ran TDSSKiller, it found nothing..but again, no log. However, it didn't freeze up!
Moving on to the next one.
  • 0

#6
womanandmom
Posted 14 December 2011 - 05:05 PM

womanandmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
The FixMNBR button was enabled, not the Fix button
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-14 16:02:46
-----------------------------
16:02:46.597 OS Version: Windows 6.0.6002 Service Pack 2
16:02:46.597 Number of processors: 2 586 0x6B02
16:02:46.597 ComputerName: HOMEPC UserName: Home
16:02:53.149 Initialize success
16:02:53.367 AVAST engine defs: 11121402
16:03:28.623 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004f
16:03:28.639 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 6
16:03:30.698 Disk 0 MBR read successfully
16:03:30.698 Disk 0 MBR scan
16:03:30.713 Disk 0 unknown MBR code
16:03:30.729 Disk 0 scanning sectors +625136400
16:03:30.838 Disk 0 scanning C:\Windows\system32\drivers
16:03:50.666 Service scanning
16:03:52.195 Modules scanning
16:03:58.403 Scan finished successfully
16:04:06.157 Disk 0 MBR has been saved successfully to "C:\Users\Home\MBR.dat"
16:04:06.157 The log file has been saved successfully to "C:\Users\Home\aswMBR.txt"
  • 0

#7
womanandmom
Posted 14 December 2011 - 05:14 PM

womanandmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
OTL logfile created on: 14/12/2011 4:06:24 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Home\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 50.46% Memory free
3.98 Gb Paging File | 3.00 Gb Available in Paging File | 75.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.21 Gb Total Space | 132.19 Gb Free Space | 45.71% Space Free | Partition Type: NTFS
Drive D: | 8.88 Gb Total Space | 1.20 Gb Free Space | 13.51% Space Free | Partition Type: NTFS

Computer Name: HOMEPC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/11 11:25:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL.exe
PRC - [2011/12/06 22:43:06 | 003,305,248 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/11/28 11:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/11/09 11:45:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 11:45:00 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/14 13:33:06 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/11/28 11:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/01 16:06:40 | 000,014,088 | ---- | M] (Memeo) [On_Demand | Stopped] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/24 07:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 10:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 10:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 10:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 10:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 10:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 10:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/22 12:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2010/02/04 23:20:22 | 000,012,672 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HP8107.sys -- (HP8107Fltr)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.mydidsbury.ca/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Home\AppData\Local\Roblox\Versions\version-844560f43f354d3f\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/15 17:56:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/28 22:33:20 | 000,000,000 | ---D | M]

[2010/11/12 20:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2010/11/12 20:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/14 09:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions
[2011/02/27 15:53:12 | 000,000,000 | ---D | M] () -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2011/08/25 15:58:18 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/11/14 21:45:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/19 10:50:45 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\4zt929kw.default\extensions\[email protected]
[2011/11/09 11:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/14 17:23:39 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/10/28 13:18:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/09 11:45:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/02 16:44:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 11:45:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/14 09:52:49 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Home\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3363453D-B9B3-4164-BA82-D746AF59F19B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/03 12:09:59 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d523c901-3570-11e0-8087-001d60d123f1}\Shell - "" = AutoRun
O33 - MountPoints2\{d523c901-3570-11e0-8087-001d60d123f1}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/14 13:35:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/14 13:35:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/14 13:35:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/14 13:35:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/14 13:35:22 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/12/14 13:35:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/14 10:00:05 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/14 09:52:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/05 22:39:57 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{487FAAA1-7D1B-41D3-94FF-D912ECD8E5E9}
[2011/12/05 22:39:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6D7FA80A-4473-4129-B69D-DEF2A41AD6F3}
[2011/12/05 22:00:00 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{601CD56A-F1B4-4B48-9A36-C39206FCE630}
[2011/12/04 15:00:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8DAB4A24-2DF4-49D7-9E7C-172B91A4819D}
[2011/12/04 14:59:33 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{86174AD7-B808-4632-B690-B167D547250C}
[2011/12/04 02:59:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F92143F6-10CB-490E-9D7A-F355107E6C6A}
[2011/12/04 02:58:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F7781457-726E-44B6-B602-C7B85390AF0B}
[2011/12/03 14:58:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{36F244C4-9E21-442C-AF42-82EBD68E7742}
[2011/12/03 14:58:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{E94406BC-9AA3-458F-ACD6-179DF1CC9148}
[2011/12/02 23:38:18 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8B5E6C03-F0B4-4682-875F-39586F1983E3}
[2011/12/02 23:38:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{CC731B67-18F3-4C9A-9EC6-3B296AF46153}
[2011/12/02 11:37:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{06D959BE-7F7D-4309-9496-07A7D458F246}
[2011/12/02 11:37:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{56572B07-142F-4081-85CA-51D3C984C54D}
[2011/12/01 23:37:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{478EE3B1-1A9B-41EF-94AC-FA9F40C80967}
[2011/12/01 23:36:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{84347A3B-8113-4B3E-9709-91022119701E}
[2011/12/01 11:36:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{76E1E5EA-DEDA-4809-B2C4-177ABADBA1FB}
[2011/12/01 11:35:34 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{38927782-984A-44A7-AF03-32A6270F4CE4}
[2011/11/30 23:35:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{14241E2F-5373-4B3D-AFFE-83470DA87E8D}
[2011/11/30 23:35:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1C558F9A-21C8-4588-A5E2-2FE26D18634D}
[2011/11/30 11:34:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6C65F25E-0387-4E72-92C4-B5633CC7CED6}
[2011/11/30 11:34:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C88953EE-2007-4CC8-B736-D4DA0E3C6E85}
[2011/11/29 23:34:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{50E3E953-7108-43F8-A67E-25F096E8AD59}
[2011/11/29 23:34:03 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{30BEFDD4-EDDC-4594-8B5E-1ED3850E785C}
[2011/11/29 11:33:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{19DE920F-7A68-45A8-BDD6-B9F4C9833F53}
[2011/11/29 11:33:38 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{FA8AFA17-E427-4471-BC8B-6C64FA743701}
[2011/11/28 23:33:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{61E2DEE4-25D6-4DEF-AE57-78E486D94EBD}
[2011/11/28 23:32:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{96BF493A-BE89-487E-A22F-7DB9514175E1}
[2011/11/28 22:32:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/11/28 11:32:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A35C8ABB-3852-4A89-BAC0-45B724216A12}
[2011/11/28 11:32:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{CA23B17C-2731-4F55-9923-D2050C297A47}
[2011/11/27 23:31:57 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{EF354118-0E61-42CC-B284-B85F3186CE30}
[2011/11/27 23:31:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1EEEF8AE-C235-428E-A3C7-124865140D05}
[2011/11/27 18:23:48 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
[2011/11/27 18:21:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Roblox
[2011/11/27 11:31:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{4357C263-67FF-4DA3-B06A-221E0AC81FD2}
[2011/11/27 11:31:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{EEFB06E1-2B66-4452-9E3D-F129AFC9A440}
[2011/11/26 22:47:26 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B3034F12-E916-4F33-B3AD-6A100FDC05FE}
[2011/11/26 22:46:51 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{99EFC82D-F824-49E8-8A75-FCD2A63F7972}
[2011/11/26 10:46:39 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{BC42D2D6-99F0-42F6-A268-F7511C37114D}
[2011/11/26 10:46:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{781771CA-D2FC-4600-9109-9FBEE901CF10}
[2011/11/25 22:23:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{20AD0FD8-947E-43F3-8B71-1CA5DFD38DAB}
[2011/11/25 22:22:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{43B1FCED-E046-43B6-B24A-DEDFBD3F7C01}
[2011/11/25 10:22:28 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D40C3486-E26E-4A41-B1A3-DC3BC2289B19}
[2011/11/25 10:21:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{E26A47F8-83B9-430F-B8F4-D014A065E4C8}
[2011/11/24 22:21:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1C3229FB-78D2-4670-B444-8E25A4D2422A}
[2011/11/24 22:21:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F28CF0F7-3403-456E-B1B2-EBD9D1F7D28A}
[2011/11/24 10:20:56 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{ECD0CD73-2F8B-4E63-8D21-757FDBA7E512}
[2011/11/24 10:20:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D6A09B99-EB40-4BDE-9336-610FBFAE7A3C}
[2011/11/23 22:20:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C801CA8A-0588-4925-BC46-C6CEF4F2FFE9}
[2011/11/23 22:20:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3FA4485E-AD3E-4B21-ABC5-EE129D66B7A5}
[2011/11/23 10:19:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A3200E17-F956-4AEE-A098-E18A66239BBB}
[2011/11/23 10:19:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3445F4CD-9F39-445A-807A-93F63045782F}
[2011/11/22 22:18:57 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8193D54F-2106-4979-9B61-542A27EEBF2F}
[2011/11/22 22:18:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6EC022A6-98CA-4608-B6B5-E05056B2100D}
[2011/11/22 10:18:31 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{DDA52B8E-3555-40FB-A186-483EB44115D3}
[2011/11/22 10:18:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D34CB030-07DB-4A92-BB21-D798F87B0366}
[2011/11/21 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7535311A-2A7F-46A6-AC83-EC58183229EE}
[2011/11/21 22:17:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{934E9E23-5D96-43C9-ADB0-616C070CF3E3}
[2011/11/21 10:17:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{049E1616-F4BA-4A62-B261-FDB76E172B5D}
[2011/11/21 10:16:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{455756A4-AB58-4DAC-B744-F628ADC0E4D1}
[2011/11/20 20:39:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F5D31042-BF07-41F6-92C7-BCABF04769E5}
[2011/11/20 20:39:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C29E1795-5E4D-4C41-9097-C0C70AF573F6}
[2011/11/20 08:39:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{927E3174-C20E-4EB5-A80A-7A27E960666F}
[2011/11/20 08:38:56 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{BA64CB01-0547-476D-8DCC-658C2EBB7046}
[2011/11/19 12:08:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{465CF9BF-1BAF-4948-A1DE-680AE2CBCB89}
[2011/11/19 12:08:29 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8DEF8B21-4773-47BC-9EDB-C0B30DBA9ED5}
[2011/11/19 00:08:03 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{00685735-1708-44D2-B8CA-1822053C2684}
[2011/11/19 00:07:52 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6AE0626F-D1B2-427F-A7C9-0995A86FD699}
[2011/11/18 12:07:39 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{EC56558A-FBA7-4B80-8992-C5F7ECF8E31C}
[2011/11/18 12:07:28 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A3B7B146-D917-4395-81EF-18434E00A19A}
[2011/11/18 00:07:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{FAE59918-FFE1-4F6B-B041-B305F0FF336D}
[2011/11/18 00:06:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B835ED44-06E0-40A9-9A8C-38E7D66F7A4B}
[2011/11/17 12:06:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6EA71EAC-DA59-4F85-A996-2E56730B9A54}
[2011/11/17 12:06:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{0E1D0EB1-4779-4250-845F-B53AE81810B0}
[2011/11/16 22:49:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{52F00D34-95E6-4FBF-BF42-D0733D4F3287}
[2011/11/16 22:49:17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{2F060A44-D204-42DC-B296-7B8058A9A6C9}
[2011/11/16 20:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/16 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{747210D9-E3EC-4BBB-A5D5-4230EE86906D}
[2011/11/16 10:48:26 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{AC9D238C-AC7D-4DAD-92B5-F76BF5E57A62}
[2011/11/15 22:48:13 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B069B466-0EB9-43DA-9DE2-493ABE4F068E}
[2011/11/15 22:48:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B91CABEA-CD05-4ACB-818E-E173035AA667}
[2011/11/15 17:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/15 17:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/15 17:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/15 17:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/15 17:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/15 10:47:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{077AAADD-5674-4BE2-B3BB-5C63CBF27D6C}
[2011/11/15 10:47:38 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{2A5A4F61-4F2E-4030-8D4D-ED975D7C19A8}

========== Files - Modified Within 30 Days ==========

[2011/12/14 16:11:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/14 16:04:06 | 000,000,512 | ---- | M] () -- C:\Users\Home\MBR.dat
[2011/12/14 15:55:30 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/14 15:55:08 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 15:55:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 15:55:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/14 15:54:57 | 2011,717,632 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/14 13:52:24 | 367,980,602 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/14 13:21:06 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1553909927-1088209007-267712942-1000UA.job
[2011/12/14 10:29:16 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/12/14 09:52:49 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/13 21:20:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1553909927-1088209007-267712942-1000Core.job
[2011/12/13 20:00:50 | 000,518,307 | ---- | M] () -- C:\Users\Home\Documents\75589843-Teacher-gift-tag.pdf
[2011/12/12 21:31:56 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/12/12 12:54:20 | 000,140,185 | ---- | M] () -- C:\Users\Home\lights.jpg
[2011/12/12 12:35:05 | 000,127,772 | ---- | M] () -- C:\Users\Home\games.jpg
[2011/12/12 11:35:06 | 000,200,704 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/11 20:24:19 | 000,054,674 | ---- | M] () -- C:\Users\Home\mario.jpg
[2011/12/09 12:04:57 | 000,001,082 | ---- | M] () -- C:\Users\Home\Desktop\Play Roblox.lnk
[2011/12/07 00:18:42 | 000,082,905 | ---- | M] () -- C:\Users\Home\bite.jpg
[2011/12/07 00:16:19 | 000,018,451 | ---- | M] () -- C:\Users\Home\add.jpg
[2011/12/05 23:35:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/04 19:37:06 | 000,011,649 | ---- | M] () -- C:\Users\Home\68719714842_AGbd6uY2_c.jpg
[2011/12/03 00:15:16 | 000,031,220 | ---- | M] () -- C:\Users\Home\trooper.jpg
[2011/11/29 21:56:51 | 000,000,680 | ---- | M] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2011/11/28 23:21:09 | 000,074,092 | ---- | M] () -- C:\Users\Home\moustache.jpg
[2011/11/28 22:33:22 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/28 11:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 11:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/11/28 10:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/11/28 10:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/11/28 10:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/11/28 10:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/11/28 10:52:07 | 000,055,128 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/11/28 10:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/11/23 23:58:18 | 000,620,242 | ---- | M] () -- C:\Users\Home\santa chimney vintage image graphicsfairy4c.jpg
[2011/11/17 12:06:29 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/17 12:02:17 | 000,510,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/16 20:16:40 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/15 17:55:56 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/15 17:52:06 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/12/14 16:04:06 | 000,000,512 | ---- | C] () -- C:\Users\Home\MBR.dat
[2011/12/14 13:52:24 | 367,980,602 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/14 13:35:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/14 13:35:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/14 13:35:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/14 13:35:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/14 13:35:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 20:00:50 | 000,518,307 | ---- | C] () -- C:\Users\Home\Documents\75589843-Teacher-gift-tag.pdf
[2011/12/12 12:54:19 | 000,140,185 | ---- | C] () -- C:\Users\Home\lights.jpg
[2011/12/12 12:35:04 | 000,127,772 | ---- | C] () -- C:\Users\Home\games.jpg
[2011/12/11 20:24:17 | 000,054,674 | ---- | C] () -- C:\Users\Home\mario.jpg
[2011/12/07 00:18:42 | 000,082,905 | ---- | C] () -- C:\Users\Home\bite.jpg
[2011/12/07 00:16:17 | 000,018,451 | ---- | C] () -- C:\Users\Home\add.jpg
[2011/12/04 19:37:05 | 000,011,649 | ---- | C] () -- C:\Users\Home\68719714842_AGbd6uY2_c.jpg
[2011/12/03 00:15:13 | 000,031,220 | ---- | C] () -- C:\Users\Home\trooper.jpg
[2011/11/28 23:21:09 | 000,074,092 | ---- | C] () -- C:\Users\Home\moustache.jpg
[2011/11/28 22:33:22 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/28 22:33:21 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/27 18:23:48 | 000,001,082 | ---- | C] () -- C:\Users\Home\Desktop\Play Roblox.lnk
[2011/11/23 23:58:05 | 000,620,242 | ---- | C] () -- C:\Users\Home\santa chimney vintage image graphicsfairy4c.jpg
[2011/11/16 20:16:40 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/15 17:55:56 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/15 17:52:06 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/09 12:40:57 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/04/12 17:05:57 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/04/12 17:05:31 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2011/04/12 17:05:31 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2011/04/12 17:05:31 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2011/04/12 17:05:31 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2011/04/12 17:05:31 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2011/04/12 17:05:14 | 000,000,528 | ---- | C] () -- C:\Windows\_delis32.ini
[2011/01/17 19:37:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/12 14:22:53 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/08 09:41:07 | 000,211,868 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/12/11 17:15:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dance Kit
[2010/12/11 17:15:45 | 000,000,268 | RH-- | C] () -- C:\Users\Home\AppData\Roaming\Contextual Menu Items
[2010/12/11 17:15:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/12/02 12:22:47 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2010/11/28 10:58:40 | 000,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat
[2010/11/28 10:37:58 | 000,148,866 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/11/28 10:37:50 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/11/14 21:22:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/14 19:44:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/14 19:44:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/14 18:40:33 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/11/14 17:25:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/14 12:42:19 | 000,025,602 | ---- | C] () -- C:\Windows\System32\veuntli.dll
[2010/11/12 23:46:02 | 000,000,143 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/11/12 20:45:57 | 000,200,704 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/12 20:13:15 | 000,000,010 | ---- | C] () -- C:\Windows\WinInit.ini
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2007/09/03 12:00:47 | 000,107,026 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/09/03 11:46:49 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/09/03 11:44:21 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007/09/03 11:44:21 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/07/19 08:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,510,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,611,664 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,109,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/01/30 14:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\System32\unicows.dll

< End of report >
  • 0

#8
womanandmom
Posted 14 December 2011 - 05:15 PM

womanandmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
OTL Extras logfile created on: 14/12/2011 4:06:24 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Home\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 50.46% Memory free
3.98 Gb Paging File | 3.00 Gb Available in Paging File | 75.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.21 Gb Total Space | 132.19 Gb Free Space | 45.71% Space Free | Partition Type: NTFS
Drive D: | 8.88 Gb Total Space | 1.20 Gb Free Space | 13.51% Space Free | Partition Type: NTFS

Computer Name: HOMEPC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2F2A3419-2044-4EE1-8FD4-E20E9466A4D1}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{3F2BCA5D-82D6-4808-933A-74E2F90B553C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{44B5B3A2-9830-4066-943A-461012D697FF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{64F3D02C-7E26-43BA-91A3-7A7C6052151A}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface |
"{662BEA96-A52F-44C8-9D32-A7B2EBDA43CB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{73EB5C0F-B925-46C9-BC61-4EB1C30F4CE9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A59A4779-C99D-4A6B-B0AD-7B11C1D3FA9C}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{D7B74BE1-10C7-475C-98ED-7DD1F43AF24E}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{F4392724-B5A2-44F2-9941-98461BD0F7FE}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033BA6F7-689B-43FA-85A8-4708969F546A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{06C3C5E6-FE3C-41B2-A7D2-ECDD224F98E5}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{10D18A0E-E9FF-427C-90DD-671F93D35821}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{13AFDA54-C863-4F4E-9C1C-611952ADA207}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{23312FFA-8971-4721-9685-D55BDD721802}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{244D3D06-93F7-4D70-9C7D-F25D18738C90}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{25747B5D-6447-4679-9867-F635D6DAF414}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{2E90AD26-33F4-4948-B52D-82795D3AFA3E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3312BBD2-BA1F-4BDE-A57B-7867ABCF66DF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{354DC2B4-9C78-45A3-B1AB-7FE7FA136E55}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{3A6E7B10-8E01-4B92-AF9F-4F275B8B63B5}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3B25047A-8022-4565-9E9E-2C41CD24E40C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3F356901-B5CB-45B9-BA38-A180524DAF75}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{5B027EC5-6AEB-4514-A15C-433E5D1F2C36}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5B8B7BEB-493C-41C9-82A0-89B29608D8EB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{60181C6A-6CD8-4841-AC12-FE3B808A8C5B}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6D074B7A-1372-453C-B7FC-EC9563F707CE}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7D1CDE5D-3F5E-4F05-B135-507D74A95CA9}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{8399A8D1-E27B-47BA-95AB-CEAFE0EA7081}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{87C48EDC-8B64-4393-BF25-87AD2D74775F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{893BA2AC-2553-42E1-A662-246554469D22}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{8A38C246-56EF-4EE0-BAAE-5CC8F6103290}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{8B82A62B-8A6F-4123-A79D-18E33498B9B8}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{91E692F6-CE50-48CF-ADBB-B5DE45DEBEF9}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{985E66D9-900A-4AF8-B6AA-E025339DB5CB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9D52679D-0BB7-4437-A461-024491BC7888}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{AA35CA18-D873-44FA-9C2F-A870050F59C9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B44C0334-60B3-4A0E-8DA1-3D81097881C7}" = dir=in | app=c:\windows\system32\netdiagfx32.exe |
"{BCFE8648-62ED-438C-A415-41B29AEF3BAE}" = dir=in | app=c:\windows\system32\netdiagfx32.exe |
"{C6773F2A-F35F-4485-BD6D-28F41D83654E}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{D77A8593-64F1-4A60-A55D-1CF228B46533}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DD807A50-A9DF-4DAD-B7E3-7FA7A4B4ACED}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{DFB25F23-76D3-4565-BF81-3B6E59A1DFC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0D655CF-B3F2-491B-8403-974BF42B4D0F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4F4EE71-17BC-40A7-9384-FC8FCD8812ED}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E5C0AD87-8ED4-4415-9E42-0185C5236021}" = dir=in | app=c:\program files\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{E6AA36EF-2BB8-4F37-8EBC-397C90F97F07}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EA12D208-12A8-4746-A1B9-5026B9A4E130}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FA73C890-CE84-42AA-9C4F-DC42768AFE2E}" = dir=in | app=c:\windows\system32\netdiagfx32.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}" = HP Active Support Library
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0FD155A3-DF78-43ee-84B0-3CC86BA962F2}_is1" = Sothink Video Converter
"{11E9DB47-6A91-43ED-8B8D-C3260456C3BB}" = Ancestry World Archives Project - Keying Tool
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 29
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4D0AAB66-E604-4E82-A5AF-01AB97CB506D}" = Roxio Easy VHS to DVD Content
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Easy VHS to DVD
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Easy VHS to DVD
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95DDA791-568E-49B9-B142-933BC44A79E5}" = Roxio Easy VHS to DVD
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC015C45-1667-40A4-A126-966EE5629062}" = Quicken 2010
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Digital Editions" = Adobe Digital Editions
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"HaaliMkx" = Haali Media Splitter
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Rhapsody" = Rhapsody
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"Wondershare PPT2DVD Pro_is1" = Wondershare PPT2DVD Pro 6.1.6
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Home
"Akamai" = Akamai NetSession Interface
"ClosetMaid v1.5.2" = ClosetMaid v1.5.2
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Smilebox" = Smilebox
"SOE-Clone Wars" = Clone Wars
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/12/2011 8:04:54 PM | Computer Name = HomePC | Source = Windows Search Service | ID = 3013
Description =

Error - 06/12/2011 8:04:54 PM | Computer Name = HomePC | Source = Windows Search Service | ID = 3013
Description =

Error - 06/12/2011 8:04:54 PM | Computer Name = HomePC | Source = Windows Search Service | ID = 3013
Description =

Error - 06/12/2011 8:04:54 PM | Computer Name = HomePC | Source = Windows Search Service | ID = 3013
Description =

Error - 06/12/2011 8:04:54 PM | Computer Name = HomePC | Source = Windows Search Service | ID = 3013
Description =

Error - 06/12/2011 8:04:55 PM | Computer Name = HomePC | Source = Windows Search Service | ID = 3013
Description =

Error - 06/12/2011 8:04:55 PM | Computer Name = HomePC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/12/2011 1:59:39 PM | Computer Name = HomePC | Source = Application Hang | ID = 1002
Description = The program iTunes.exe version 10.5.1.42 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d28 Start Time: 01ccb8f6a59ddf1a Termination Time: 49

Error - 12/12/2011 2:15:06 PM | Computer Name = HomePC | Source = Application Error | ID = 1000
Description = Faulting application iTunes.exe, version 10.5.1.42, time stamp 0x4ebf7d7c,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception
code 0xc0000005, fault offset 0x0003de2d, process id 0x129c, application start time
0x01ccb8f8e56bf80a.

Error - 12/12/2011 2:52:55 PM | Computer Name = HomePC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module Mpeg2DecFilter.ax_unloaded, version 0.0.0.0, time stamp
0x4411e810, exception code 0xc0000005, fault offset 0x0862ceb0, process id 0xb00,
application start time 0x01ccb8edbdf4656a.

[ OSession Events ]
Error - 21/02/2011 2:13:04 PM | Computer Name = HomePC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1519
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/07/2011 4:34:07 PM | Computer Name = HomePC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6510
seconds with 3000 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14/12/2011 4:32:42 PM | Computer Name = HomePC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:29:54 PM on 14/12/2011 was unexpected.

Error - 14/12/2011 4:33:40 PM | Computer Name = HomePC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/12/2011 4:34:26 PM | Computer Name = HomePC | Source = Service Control Manager | ID = 7022
Description =

Error - 14/12/2011 4:40:04 PM | Computer Name = HomePC | Source = Service Control Manager | ID = 7034
Description =

Error - 14/12/2011 4:40:29 PM | Computer Name = HomePC | Source = Service Control Manager | ID = 7030
Description =

Error - 14/12/2011 4:52:29 PM | Computer Name = HomePC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:50:59 PM on 14/12/2011 was unexpected.

Error - 14/12/2011 4:54:04 PM | Computer Name = HomePC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/12/2011 4:54:48 PM | Computer Name = HomePC | Source = Service Control Manager | ID = 7022
Description =

Error - 14/12/2011 6:56:43 PM | Computer Name = HomePC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/12/2011 6:56:52 PM | Computer Name = HomePC | Source = Service Control Manager | ID = 7022
Description =


< End of report >
  • 0

#9
womanandmom
Posted 14 December 2011 - 10:54 PM

womanandmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Hi the boot scan found: Threat: EICAR Test-NOT a virus!!!
It was moved into the chest, looks like it's a txt file?
I can't find the text file you were hoping I would.
  • 0

#10
RKinner
Posted 15 December 2011 - 12:35 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If EICAR is all it found then we are not dealing with a virus here. EICAR is just a file used to test if an antivirus is working tho I have no idea what it is doing on your PC. http://en.wikipedia....EICAR_test_file

Go on with the remainder of the instructions. Let's see if any of the other programs finds something. What events I can see in the Extras log would point toward a hardware problem of some kind. Overheating, weak power supply, bad memory, bad hard drive - that kind of thing. Hopefully I will know more when you finish the list.
  • 0

Advertisements

#11
womanandmom
Posted 15 December 2011 - 03:02 PM

womanandmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
"The disk check will run and will probably take an hour or more to finish."
lol it took 5.

Moving on to the rest!
  • 0

#12
womanandmom
Posted 15 December 2011 - 03:33 PM

womanandmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
"sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)"

Do you mean the list of "the following files have not been digitally signed"?
There are probably 40, none of them have dates.
  • 0

#13
womanandmom
Posted 15 December 2011 - 03:34 PM

womanandmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
In fact it says
Files found:296
Signed: 178
Unsigned:117
Files not scanned:1
  • 0

#14
womanandmom
Posted 15 December 2011 - 03:37 PM

womanandmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 15/12/2011 2:36:46 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/12/2011 8:56:01 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.

Log: 'System' Date/Time: 15/12/2011 8:54:41 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/12/2011 9:27:27 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2633171(Security Update) is not applicable for this system

Log: 'System' Date/Time: 15/12/2011 9:27:27 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2633171(Security Update) is not applicable for this system

Log: 'System' Date/Time: 15/12/2011 9:27:19 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2639417(Security Update) is not applicable for this system

Log: 'System' Date/Time: 15/12/2011 9:27:19 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2639417(Security Update) is not applicable for this system

Log: 'System' Date/Time: 15/12/2011 9:27:07 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB905866(Update) is not applicable for this system

Log: 'System' Date/Time: 15/12/2011 9:25:45 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2620712(Security Update) is not applicable for this system

Log: 'System' Date/Time: 15/12/2011 9:25:45 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2620712(Security Update) is not applicable for this system
  • 0

#15
womanandmom
Posted 15 December 2011 - 03:42 PM

womanandmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 82 posts
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 76.88 0 K 24 K
procexp.exe 2908 15.42 20,884 K 27,992 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
dwm.exe 3300 3.85 88,832 K 91,308 K Desktop Window Manager Microsoft Corporation
svchost.exe 1612 1.54 6,988 K 6,536 K Host Process for Windows Services Microsoft Corporation
explorer.exe 3256 1.54 39,444 K 53,028 K Windows Explorer Microsoft Corporation
System 4 0.77 0 K 1,612 K
csrss.exe 676 < 0.01 2,296 K 7,784 K Client Server Runtime Process Microsoft Corporation
netsession_win.exe 1540 < 0.01 7,636 K 8,100 K Akamai NetSession Client Akamai Technologies, Inc
firefox.exe 1528 < 0.01 114,644 K 139,156 K Firefox Mozilla Corporation
wmpnetwk.exe 2776 < 0.01 4,664 K 6,484 K Windows Media Player Network Sharing Service Microsoft Corporation
csrss.exe 612 < 0.01 1,700 K 4,948 K Client Server Runtime Process Microsoft Corporation
SearchIndexer.exe 2320 < 0.01 40,236 K 11,692 K Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 1152 < 0.01 17,368 K 11,656 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1052 < 0.01 62,656 K 21,476 K Host Process for Windows Services Microsoft Corporation
AvastUI.exe 3724 < 0.01 12,260 K 5,160 K avast! Antivirus AVAST Software
AvastSvc.exe 1712 < 0.01 27,020 K 25,456 K avast! Service AVAST Software
svchost.exe 1580 < 0.01 15,908 K 11,368 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1012 < 0.01 3,652 K 6,264 K Host Process for Windows Services Microsoft Corporation
rundll32.exe 1488 < 0.01 4,076 K 5,044 K Windows host process (Rundll32) Microsoft Corporation
lsass.exe 724 < 0.01 3,832 K 2,660 K Local Security Authority Process Microsoft Corporation
svchost.exe 1192 < 0.01 62,676 K 62,664 K Host Process for Windows Services Microsoft Corporation
netsession_win.exe 3960 < 0.01 2,852 K 4,660 K Akamai NetSession Client Akamai Technologies, Inc
svchost.exe 1236 < 0.01 80,412 K 79,940 K Host Process for Windows Services Microsoft Corporation
spoolsv.exe 484 < 0.01 11,652 K 16,028 K Spooler SubSystem App Microsoft Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
YahooAUService.exe 2532 4,252 K 6,768 K AutoUpater Service Module Yahoo! Inc.
XAudio.exe 2496 1,052 K 2,304 K Modem Audio Service Conexant Systems, Inc.
WUDFHost.exe 2432 3,372 K 4,044 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
wuauclt.exe 1512 2,928 K 5,848 K Windows Update Microsoft Corporation
wmpnscfg.exe 3800 2,080 K 4,792 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
WmiPrvSE.exe 2264 3,248 K 5,716 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 2376 1,212 K 2,636 K Microsoft® Windows Live ID Service Monitor Microsoft Corp.
WLIDSVC.EXE 2220 7,012 K 8,136 K Microsoft® Windows Live ID Service Microsoft Corp.
winlogon.exe 796 2,436 K 4,900 K Windows Logon Application Microsoft Corporation
wininit.exe 664 1,564 K 3,488 K Windows Start-Up Application Microsoft Corporation
taskeng.exe 3408 9,872 K 9,008 K Task Scheduler Engine Microsoft Corporation
taskeng.exe 3224 2,188 K 5,256 K Task Scheduler Engine Microsoft Corporation
svchost.exe 928 3,468 K 6,024 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1344 2,320 K 4,312 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1388 7,828 K 8,620 K Host Process for Windows Services Microsoft Corporation
svchost.exe 568 11,740 K 8,488 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1804 4,008 K 6,580 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3968 2,204 K 26,640 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2124 4,868 K 5,508 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2088 1,832 K 3,844 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2040 1,148 K 2,816 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2164 792 K 2,188 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2076 1,052 K 2,648 K Host Process for Windows Services Microsoft Corporation
smss.exe 468 296 K 684 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1364 6,108 K 4,780 K Microsoft Software Licensing Service Microsoft Corporation
sigverif.exe 3364 9,772 K 14,616 K File Signature Verification Microsoft Corporation
services.exe 708 2,752 K 6,128 K Services and Controller app Microsoft Corporation
plugin-container.exe 1784 13,288 K 16,680 K Plugin Container for Firefox Mozilla Corporation
nvvsvc.exe 984 1,404 K 3,040 K NVIDIA Driver Helper Service, Version 175.21 NVIDIA Corporation
MSCamS32.exe 1800 7,512 K 5,248 K MsCamSvc.exe Microsoft Corporation
lsm.exe 732 2,112 K 3,552 K Local Session Manager Service Microsoft Corporation
audiodg.exe 1324 15,908 K 13,340 K Windows Audio Device Graph Isolation Microsoft Corporation
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP