
Need help purging kwrd.dll malware (PUP.Bitminer) [Solved]


  • This topic is locked

#46
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
That's it!! :cheers: :woot:
I'm going to have a break too, and post back tomorrow :popcorn:


#47
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Let's have a fresh look at your computer.

Please delete ALL the tools I've told you to download, and we'll start again with new (and updated) ones.


Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here :thumbsup:

Next:


OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the icon to run it.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in a Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.


#48
emeraldire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
1. Here is the aswMBR.txt log file.
Please note, just as the first time I did it, that the same AVAST error messages occurred this time around (no surprise).


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-07 19:51:32
-----------------------------
19:51:32.585 OS Version: Windows x64 6.1.7601 Service Pack 1
19:51:32.595 Number of processors: 4 586 0x403
19:51:32.595 ComputerName: WOOD-PC UserName: Wood
19:51:33.745 Initialize success
19:56:49.489 AVAST engine error: 2
19:58:24.229 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
19:58:24.229 Disk 0 Vendor: AMD_____ 1.10 Size: 457763MB BusType: 8
19:58:24.249 Disk 0 MBR read successfully
19:58:24.249 Disk 0 MBR scan
19:58:24.259 Disk 0 Windows 7 default MBR code
19:58:24.269 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:58:24.289 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 457661 MB offset 206848
19:58:24.299 Service scanning
19:58:25.299 Modules scanning
19:58:25.299 Disk 0 trace - called modules:
19:58:25.309 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll amdsbs.sys
19:58:25.319 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a9f060]
19:58:25.329 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\00000063[0xfffffa8006aed610]
19:58:25.659 Scan finished successfully
19:58:39.329 Disk 0 MBR has been saved successfully to "C:\Users\Wood\Desktop\MBR.dat"
19:58:39.329 The log file has been saved successfully to "C:\Users\Wood\Desktop\aswMBR.txt"

Attached File  MBR.zip   560bytes   94 downloads


2. Here is the OTL Log from the Run Scan:

OTL logfile created on: 1/7/2012 8:06:06 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Wood\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.97 Gb Available Physical Memory | 74.73% Memory free
15.98 Gb Paging File | 13.59 Gb Available in Paging File | 85.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.93 Gb Total Space | 355.67 Gb Free Space | 79.58% Space Free | Partition Type: NTFS
Drive E: | 967.22 Mb Total Space | 753.94 Mb Free Space | 77.95% Space Free | Partition Type: FAT

Computer Name: WOOD-PC | User Name: Wood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/07 20:01:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Wood\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/03 05:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/10/12 16:44:00 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
PRC - [2010/03/12 04:40:54 | 000,136,544 | ---- | M] () -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
PRC - [2009/11/24 14:25:28 | 001,874,432 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
PRC - [2009/11/05 19:26:00 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/11/05 19:26:00 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/11/05 19:26:00 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/11/05 19:26:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/08/19 05:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe


========== Modules (No Company Name) ==========

MOD - [2009/04/29 13:24:44 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Key\pngio.dll
MOD - [2009/04/29 13:24:44 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Key\AiNap.dll
MOD - [2009/04/29 13:24:44 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Key\vvc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/03 05:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/12 04:40:54 | 000,136,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/11/05 19:26:00 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/08/19 05:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/25 00:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/07 08:52:29 | 000,051,280 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/09/07 08:52:09 | 000,121,936 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/09/07 08:47:49 | 000,028,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/09/07 08:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/09/07 08:47:10 | 000,020,048 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/07/21 16:14:24 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/07/21 16:14:24 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/03/12 04:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@Citrix.com/npagee64,version=9.1.104.5: C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.1.104.5: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Wood\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Wood\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Wood\Music\RM_RehearsalDinner\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Wood\AppData\Roaming\Move Networks [2011/01/26 00:00:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/01/04 00:01:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe (ASUSTeK Computer Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: invesco.com ([ras.na] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23DAD21F-4E8B-4582-860D-0D5ACEC09E93}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: vsmon - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/07 20:01:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Wood\Desktop\OTL.exe
[2012/01/07 19:46:41 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Wood\Desktop\aswMBR.exe
[2012/01/06 11:15:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-TW
[2012/01/06 11:15:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-HK
[2012/01/06 11:15:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-CN
[2012/01/06 11:15:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\winrm
[2012/01/06 11:15:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WCN
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\uk-UA
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\tr-TR
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\th-TH
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Tasks
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sv-SE
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sr-Latn-CS
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sppui
[2012/01/06 11:15:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\spp
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SMI
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sl-SI
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\slmgr
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sk-SK
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ru-RU
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ro-RO
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\restore
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Recovery
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ras
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pt-PT
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pt-BR
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Printing_Admin_Scripts
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pl-PL
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nl-NL
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NetworkList
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NDF
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nb-NO
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MUI
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Msdtc
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Microsoft
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\manifeststore
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\lv-LV
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\lt-LT
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ko-KR
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja-JP
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\it
[2012/01/06 11:15:19 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\ntfs.sys.mui
[2012/01/06 11:15:19 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\ntfs.sys.mui
[2012/01/06 11:15:19 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\tcpip.sys.mui
[2012/01/06 11:15:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\tcpip.sys.mui
[2012/01/06 11:15:19 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\ndis.sys.mui
[2012/01/06 11:15:19 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\http.sys.mui
[2012/01/06 11:15:19 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\mpio.sys.mui
[2012/01/06 11:15:19 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\ndis.sys.mui
[2012/01/06 11:15:19 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\http.sys.mui
[2012/01/06 11:15:19 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\bfe.dll.mui
[2012/01/06 11:15:19 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\volsnap.sys.mui
[2012/01/06 11:15:19 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\mpio.sys.mui
[2012/01/06 11:15:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\bfe.dll.mui
[2012/01/06 11:15:19 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\usbport.sys.mui
[2012/01/06 11:15:19 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\usbport.sys.mui
[2012/01/06 11:15:19 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\volsnap.sys.mui
[2012/01/06 11:15:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\processr.sys.mui
[2012/01/06 11:15:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\intelppm.sys.mui
[2012/01/06 11:15:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\amdppm.sys.mui
[2012/01/06 11:15:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\amdk8.sys.mui
[2012/01/06 11:15:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\afd.sys.mui
[2012/01/06 11:15:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\pacer.sys.mui
[2012/01/06 11:15:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\fvevol.sys.mui
[2012/01/06 11:15:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\nwifi.sys.mui
[2012/01/06 11:15:19 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\pacer.sys.mui
[2012/01/06 11:15:19 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\afd.sys.mui
[2012/01/06 11:15:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\processr.sys.mui
[2012/01/06 11:15:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\intelppm.sys.mui
[2012/01/06 11:15:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\fvevol.sys.mui
[2012/01/06 11:15:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\amdppm.sys.mui
[2012/01/06 11:15:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\amdk8.sys.mui
[2012/01/06 11:15:19 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\nwifi.sys.mui
[2012/01/06 11:15:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\usbhub.sys.mui
[2012/01/06 11:15:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\usbhub.sys.mui
[2012/01/06 11:15:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\ohci1394.sys.mui
[2012/01/06 11:15:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\ohci1394.sys.mui
[2012/01/06 11:15:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\1394ohci.sys.mui
[2012/01/06 11:15:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\1394ohci.sys.mui
[2012/01/06 11:15:19 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\serial.sys.mui
[2012/01/06 11:15:19 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\i8042prt.sys.mui
[2012/01/06 11:15:19 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrSerId.sys.mui
[2012/01/06 11:15:19 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrSerIb.sys.mui
[2012/01/06 11:15:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\acpi.sys.mui
[2012/01/06 11:15:19 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\serial.sys.mui
[2012/01/06 11:15:19 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\i8042prt.sys.mui
[2012/01/06 11:15:19 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerId.sys.mui
[2012/01/06 11:15:19 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerIb.sys.mui
[2012/01/06 11:15:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\battc.sys.mui
[2012/01/06 11:15:19 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\pci.sys.mui
[2012/01/06 11:15:19 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\acpi.sys.mui
[2012/01/06 11:15:19 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\tunnel.sys.mui
[2012/01/06 11:15:19 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\pci.sys.mui
[2012/01/06 11:15:19 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\bthport.sys.mui
[2012/01/06 11:15:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\tunnel.sys.mui
[2012/01/06 11:15:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\bthport.sys.mui
[2012/01/06 11:15:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\msdsm.sys.mui
[2012/01/06 11:15:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\luafv.sys.mui
[2012/01/06 11:15:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\battc.sys.mui
[2012/01/06 11:15:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\rdvgkmd.sys.mui
[2012/01/06 11:15:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\rdvgkmd.sys.mui
[2012/01/06 11:15:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\ndiscap.sys.mui
[2012/01/06 11:15:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\luafv.sys.mui
[2012/01/06 11:15:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\IPMIDrv.sys.mui
[2012/01/06 11:15:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\IPMIDrv.sys.mui
[2012/01/06 11:15:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\sermouse.sys.mui
[2012/01/06 11:15:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\ndiscap.sys.mui
[2012/01/06 11:15:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\msdsm.sys.mui
[2012/01/06 11:15:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\fltmgr.sys.mui
[2012/01/06 11:15:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\sermouse.sys.mui
[2012/01/06 11:15:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\rdbss.sys.mui
[2012/01/06 11:15:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\fltmgr.sys.mui
[2012/01/06 11:15:19 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\tsusbhub.sys.mui
[2012/01/06 11:15:19 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\rdbss.sys.mui
[2012/01/06 11:15:19 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\mouclass.sys.mui
[2012/01/06 11:15:19 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\kbdclass.sys.mui
[2012/01/06 11:15:19 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\kbdclass.sys.mui
[2012/01/06 11:15:19 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\bthpan.sys.mui
[2012/01/06 11:15:19 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\bthpan.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\wacompen.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\wacompen.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vhdmp.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vdrvroot.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\tsusbhub.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\tpm.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\tpm.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\pcmcia.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\pcmcia.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\mouclass.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\isapnp.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\hdaudbus.sys.mui
[2012/01/06 11:15:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\hdaudbus.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\it-IT\pscr.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\en-US\pscr.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vhdmp.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vdrvroot.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\tsusbflt.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\portcls.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\portcls.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\parport.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\parport.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\modem.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\modem.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\isapnp.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\ipnat.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\ipnat.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\HdAudio.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\ataport.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\it-IT\atikmdag.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\umbus.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\umbus.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\tsusbflt.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\scsiport.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\scsiport.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\rndismpx.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\rndismpx.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\rndismp6.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\rndismp6.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\RNDISMP.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\RNDISMP.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\ndisuio.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\ndisuio.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\mssmbios.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\mssmbios.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\hidbth.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\hidbth.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\HdAudio.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\ataport.sys.mui
[2012/01/06 11:15:19 | 000,003,072 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\en-US\atikmdag.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\wdf01000.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\wdf01000.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vwifibus.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\volmgrx.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\volmgrx.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\usbrpm.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\ULIAGPKX.SYS.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\ULIAGPKX.SYS.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\UAGP35.SYS.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\UAGP35.SYS.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\srv.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\srv.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\serscan.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\serscan.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\scfilter.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\scfilter.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\rdpwd.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\rdpwd.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\qwavedrv.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\qwavedrv.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\pnpmem.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\pnpmem.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\partmgr.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\partmgr.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\NV_AGP.SYS.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\NV_AGP.SYS.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\MTConfig.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\MTConfig.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\mountmgr.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\mountmgr.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\mouhid.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\mouhid.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\kbdhid.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\kbdhid.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\GAGP30KX.SYS.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\GAGP30KX.SYS.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\Dot4usb.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\Dot4usb.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\disk.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\BTHUSB.SYS.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\BTHUSB.SYS.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\AGP440.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\AGP440.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrParwdm.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrParwdm.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\ws2ifsl.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\ws2ifsl.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\wd.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\wd.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vwifibus.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\usbrpm.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\disk.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\cdrom.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\cdrom.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\bthenum.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\bthenum.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\amdide.sys.mui
[2012/01/06 11:15:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\amdide.sys.mui
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\hu-HU
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\hr-HR
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\he-IL
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\fr-FR
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\fi-FI
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\et-EE
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\etc
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\es-ES
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\en
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\el-GR
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de-DE
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\da-DK
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\cs-CZ
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\CodeIntegrity
[2012/01/06 11:15:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot
[2012/01/06 11:15:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\bg-BG
[2012/01/06 11:15:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ar-SA
[2012/01/04 00:01:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/02 03:18:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/02 02:31:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/02 02:31:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/02 02:31:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/02 02:31:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/02 02:26:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/26 10:05:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/23 03:01:12 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/23 03:01:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/23 03:01:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/23 03:01:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/23 03:01:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/23 03:01:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/23 03:01:10 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/23 03:01:10 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/23 03:01:10 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/23 03:01:10 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/23 03:01:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/23 00:38:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/23 00:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/23 00:38:07 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/23 00:38:03 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/23 00:38:03 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

========== Files - Modified Within 30 Days ==========

[2012/01/07 20:01:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Wood\Desktop\OTL.exe
[2012/01/07 19:59:35 | 000,000,560 | ---- | M] () -- C:\Users\Wood\Desktop\MBR.zip
[2012/01/07 19:58:39 | 000,000,512 | ---- | M] () -- C:\Users\Wood\Desktop\MBR.dat
[2012/01/07 19:56:39 | 000,116,768 | ---- | M] () -- C:\Users\Wood\Desktop\aswMBR_Error_message.jpg
[2012/01/07 19:47:59 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Wood\Desktop\aswMBR.exe
[2012/01/07 10:29:53 | 000,001,683 | ---- | M] () -- C:\Users\Wood\Desktop\launch.ica.kssj2dd.partial
[2012/01/06 12:58:20 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 12:58:20 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 12:58:09 | 001,549,446 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/06 12:58:09 | 000,701,408 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/01/06 12:58:09 | 000,628,308 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/06 12:58:09 | 000,128,626 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/01/06 12:58:09 | 000,107,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/06 12:46:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/06 12:46:29 | 2140,995,583 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 06:50:03 | 000,003,924 | ---- | M] () -- C:\cryptsvc.reg
[2012/01/04 00:01:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/02 17:03:29 | 000,181,342 | ---- | M] () -- C:\Users\Wood\Desktop\DiskMgmt.jpg
[2012/01/01 20:49:50 | 000,000,797 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/12/31 18:24:52 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/27 23:59:52 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/23 03:20:52 | 000,415,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/23 03:03:31 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2011/12/23 01:07:53 | 000,007,608 | ---- | M] () -- C:\Users\Wood\AppData\Local\Resmon.ResmonCfg
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/07 19:59:35 | 000,000,560 | ---- | C] () -- C:\Users\Wood\Desktop\MBR.zip
[2012/01/07 19:58:39 | 000,000,512 | ---- | C] () -- C:\Users\Wood\Desktop\MBR.dat
[2012/01/07 19:55:31 | 000,116,768 | ---- | C] () -- C:\Users\Wood\Desktop\aswMBR_Error_message.jpg
[2012/01/07 10:30:00 | 000,001,683 | ---- | C] () -- C:\Users\Wood\Desktop\launch.ica.kssj2dd.partial
[2012/01/06 11:15:19 | 000,017,463 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\services
[2012/01/06 11:15:19 | 000,003,683 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\lmhosts.sam
[2012/01/06 11:15:19 | 000,001,358 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\protocol
[2012/01/06 11:15:19 | 000,000,407 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\networks
[2012/01/06 11:15:19 | 000,000,027 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/04 00:25:19 | 000,003,924 | ---- | C] () -- C:\cryptsvc.reg
[2012/01/02 17:03:29 | 000,181,342 | ---- | C] () -- C:\Users\Wood\Desktop\DiskMgmt.jpg
[2012/01/02 02:31:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/02 02:31:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/02 02:31:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/02 02:31:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/02 02:31:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/27 23:59:52 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/23 03:03:31 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/12/20 16:24:54 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/10/01 07:53:30 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/01 00:14:37 | 001,553,332 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/30 21:36:29 | 000,007,608 | ---- | C] () -- C:\Users\Wood\AppData\Local\Resmon.ResmonCfg
[2010/09/30 09:39:16 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/09/30 09:39:16 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/09/30 09:39:13 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/09/30 09:39:13 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/09/30 09:33:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/09/30 09:33:02 | 000,028,523 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/11/05 19:26:00 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2009/11/05 19:26:00 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 06:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011/11/17 02:19:58 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\5C2DE
[2010/11/22 11:20:45 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Amazon
[2011/06/28 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\BitTorrent
[2010/09/30 19:29:48 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\CheckPoint
[2011/01/09 16:20:45 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\ICAClient
[2009/07/13 23:08:49 | 000,024,886 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/11/17 02:19:58 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\5C2DE
[2010/10/03 16:45:09 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Adobe
[2010/11/22 11:20:45 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Amazon
[2011/06/28 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\BitTorrent
[2010/09/30 19:29:48 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\CheckPoint
[2011/01/09 16:22:22 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Download Manager
[2011/01/09 16:20:45 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\ICAClient
[2010/09/29 04:38:09 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Identities
[2010/10/01 15:14:44 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\InstallShield
[2010/09/30 09:13:43 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Macromedia
[2011/12/02 02:43:28 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Malwarebytes
[2009/07/14 05:18:35 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Media Center Programs
[2011/03/10 06:26:22 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Media Player Classic
[2011/01/12 00:08:19 | 000,000,000 | --SD | M] -- C:\Users\Wood\AppData\Roaming\Microsoft
[2011/01/26 00:00:45 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Move Networks
[2011/01/09 15:21:07 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Mozilla
[2011/03/27 00:35:45 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\NVIDIA
[2010/10/01 01:18:03 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\SUPERAntiSpyware.com
[2011/12/23 00:14:16 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Ventrilo
[2011/03/09 21:39:23 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\WinRAR


< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/03 00:10:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/03 00:10:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/03 00:10:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/03 00:10:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/05/03 00:10:44 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/03 00:10:43 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/03 00:10:43 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/03 00:10:43 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/03 00:10:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/05/03 00:10:44 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 538 bytes -> C:\Users\Wood\Desktop\launch.ica.kssj2dd.partial:icasource

< End of report >

#49
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
Sorry for the late reply. I was very busy the last few days

Do you know what that file is:

C:\Users\Wood\Desktop\launch.ica.kssj2dd.partial



Next:

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way



Next:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post


Next:

I guess that this file is an image of the aswmbr error:

C:\Users\Wood\Desktop\aswMBR_Error_message.jpg

Can you post/attach it here please?

#50
emeraldire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
1. Regarding the quoted question, below: Yes, this .ica file is part of the secure connection process I use to access my local desktop at work, remotely.

Do you know what that file is:

Quote

C:\Users\Wood\Desktop\launch.ica.kssj2dd.partial



2. attached OTS log:
Attached File  OTS.Txt   155.1KB   92 downloads


3. Kaspersky AVPTool did not detect any threats, so no log to post.


4. attached Kaspersky AVPTool Manual DisInfection Gathered System Information:
Attached File  avptool_sysinfo.zip   10.13KB   93 downloads


5. image of the aswmbr error:
aswMBR_Error_message.jpg

Edited by emeraldire, 11 January 2012 - 05:38 AM.


#51
emeraldire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Unsolicited information:
Below is a list of the objects that Kaspersky could not process during the automated scan (copied from 60Mb scan results). I am not sure if they are the same, but around 5-10 different objects were referenced during the scan in pop-up messages saying the files were password protected. None of the files were ones with which I am familiar. Not sure if this is helpful or not, but I didn't think it would be captured in the logs I posted, so I thought I would add it.

TIME RESULT DESCRIPTION TYPE PATH NAME REASON
1/10/2012 11:46:31 PM Not processed File C:\ pagefile.sys Object is locked
1/10/2012 11:46:31 PM Not processed File C:\ hiberfil.sys Object is locked
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {f22a6cc5-3522-11e1-89d5-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {ef49321b-3119-11e1-9d0d-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {ef493197-3119-11e1-9d0d-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {cf203812-10f5-11e1-8ed7-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {c92d790f-1ced-11e1-a899-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {c92d779b-1ced-11e1-a899-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {baab1fdf-3896-11e1-88cd-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {ad9acd39-0ab3-11e1-9964-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {ad9acc46-0ab3-11e1-9964-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {52578f51-2d2f-11e1-88df-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {51bd8486-2abf-11e1-b7c4-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {4eae35d6-f574-11e0-a9a0-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {4eae3574-f574-11e0-a9a0-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {4eae3448-f574-11e0-a9a0-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {4eae3394-f574-11e0-a9a0-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {4eae3208-f574-11e0-a9a0-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {4eae3181-f574-11e0-a9a0-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {4eae3084-f574-11e0-a9a0-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:25:31 PM Not processed File C:\System Volume Information\ {0440bcff-17b5-11e1-b87b-485b39b4389d}{3808876b-c176-4e48-b7ae-04046e6cc752} Access denied
1/10/2012 11:17:29 PM Not processed File C:\ pagefile.sys Object is locked
1/10/2012 11:17:29 PM Not processed File C:\ hiberfil.sys Object is locked
  • 0

#52
michaelg9


    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Just to test something with aswmbr, can you delete the old copy and download a fresh one from this on how to reset firewall

Next:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Services

    :Reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Visual Studio Tools for Applications]

    :Files
    C:\Program Files (x86)\Common Files\Microsoft Shared\DW\DW.EXE

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Next:

1. Open the Start Menu.

2. Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator.

3. In the elevated command prompt, type sfc /scannow and press Enter.
NOTE: This may take a little bit to finish.

4. When the scan is complete, copy the line below and paste it at the command prompt. Then press Enter

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt


5. The file sfcdetails.txt will now be on your desktop. Please open it, Edit | select all | copy and paste it in your next reply.

Then do this:

Click Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


Next:

1. Open the Start Menu.
2. Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator.
3. In the elevated command prompt, type:

chkdsk /f /r

It will ask you to run chkdsk at the next boot; type Y and press Enter.
4. Reboot and don't touch any key, let chkdsk scan your drive.
5. When it finishes, read here on how to find the chkdsk log and copy it and paste it in your next post.


Next:
  • Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop
  • Right-click VEW.exe and Run As Administrator
  • Under 'Select log to query', select:
    System
  • Under 'Select type to list', select:
    Error
    Warning
  • Then use the 'Number of events' as follows:
  • Click the radio button for 'Number of events'
  • Type 20 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.
  • Please post the Output log in your next reply then repeat but select Application.


Next:

At this moment, all malware has been eliminated from your computer. Please tell me what other symptoms remain and how your computer is running.
  • 0
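
Added example (not part of the post above and not from any tool named in this thread): a Python script that triages the sfcdetails.txt file produced by the findstr step, separating files SFC repaired from files it could not repair. The function name triage_sfc, the sample log lines and their component and file names are constructed, and the [SR] line layout is assumed to match what Windows 7 writes to CBS.log.

```python
import re

# Constructed sample of sfcdetails.txt (the findstr "[SR]" output). Component
# and file names are made up and the attribute lists are shortened; the line
# layout is an assumption based on Windows 7 CBS.log entries.
SAMPLE = r'''
2012-01-12 20:05:11, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 20:05:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2012-01-12 20:05:14, Info                  CSI    00000009 [SR] Verify complete
2012-01-12 20:05:14, Info                  CSI    0000000a [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 20:05:14, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2012-01-12 20:05:17, Info                  CSI    0000000d [SR] Cannot repair member file [l:24{12}]"example1.dll" of Constructed-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2012-01-12 20:05:17, Info                  CSI    0000000e [SR] This component was referenced by [l:38{19}]"Constructed-Package"
2012-01-12 20:05:18, Info                  CSI    00000010 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Constructed-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral in the store, hash mismatch
2012-01-12 20:05:19, Info                  CSI    00000012 [SR] Cannot repair member file [l:24{12}]"example3.ini" of Constructed-Component-B, Version = 6.1.7600.16385, Culture neutral in the store, file is missing
2012-01-12 20:05:20, Info                  CSI    00000014 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.exe" from store
2012-01-12 20:05:21, Info                  CSI    00000016 [SR] Verify complete
'''

# "<timestamp>, <level>   CSI   <8 hex digits> [SR] <message>"
HEADER_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, \w+\s+CSI\s+[0-9a-fA-F]{8} '
    r'\[SR\] (?P<msg>.*)$')
VERIFY_RE = re.compile(r'^Verifying (?P<count>\d+) ')
CANNOT_RE = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" '
    r'of (?P<component>[^,]+),(?P<rest>.*)$')
REPAIRED_RE = re.compile(
    r'^Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"\\'
    r'\[[^\]]*\]"(?P<file>[^"]+)" from store')


def triage_sfc(text):
    """Summarise [SR] lines: what was verified, repaired, and left broken."""
    components_verified = 0
    unrepaired = {}   # (file, component) lower-cased -> (file, component, reason)
    repaired = []
    unparsed = []     # lines without the expected header, e.g. wrapped text

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header is None:
            unparsed.append(line)
            continue
        msg = header.group('msg')

        m = VERIFY_RE.match(msg)
        if m:
            components_verified += int(m.group('count'))
            continue

        m = CANNOT_RE.match(msg)
        if m:
            # The reason is the text after the last comma of the entry.
            reason = m.group('rest').rsplit(',', 1)[-1].strip()
            key = (m.group('file').lower(), m.group('component').lower())
            # The same file can be logged more than once; keep the first entry.
            unrepaired.setdefault(
                key, (m.group('file'), m.group('component'), reason))
            continue

        m = REPAIRED_RE.match(msg)
        if m:
            directory = m.group('dir')
            if directory.startswith('\\??\\'):   # strip the NT path prefix
                directory = directory[4:]
            path = directory + '\\' + m.group('file')
            if path not in repaired:
                repaired.append(path)

    return {
        'components_verified': components_verified,
        'unrepaired': list(unrepaired.values()),
        'repaired': repaired,
        'unparsed': unparsed,
    }


if __name__ == '__main__':
    summary = triage_sfc(SAMPLE)
    print('components verified:', summary['components_verified'])
    for name, component, reason in summary['unrepaired']:
        print('NOT REPAIRED: %s (%s): %s' % (name, component, reason))
    for path in summary['repaired']:
        print('repaired from store:', path)
```

Entries under unrepaired are the files SFC could not restore from the component store, so they are the part of sfcdetails.txt that needs follow-up.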

#53
emeraldire


    Member

  • Topic Starter
  • Member
  • 37 posts
1. Regarding the aswMBR error message, I got it again the same as before. Attached is the error message screenshot (and follow-up message).

Just to test something with aswmbr, can you delete the old copy and download a fresh one from here and run it. Then tell me if it showed that error again.

again_aswMBR_Error_messages.jpg


2. Firewall reset to default settings


3. OTL Log:
OTL logfile created on: 1/12/2012 7:43:02 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Wood\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 78.16% Memory free
15.98 Gb Paging File | 14.12 Gb Available in Paging File | 88.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.93 Gb Total Space | 355.83 Gb Free Space | 79.62% Space Free | Partition Type: NTFS

Computer Name: WOOD-PC | User Name: Wood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/07 20:01:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Wood\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/03 05:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/10/12 16:44:00 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
PRC - [2010/03/12 04:40:54 | 000,136,544 | ---- | M] () -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
PRC - [2009/11/24 14:25:28 | 001,874,432 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe
PRC - [2009/11/05 19:26:00 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/11/05 19:26:00 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/11/05 19:26:00 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/11/05 19:26:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009/08/19 05:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe


========== Modules (No Company Name) ==========

MOD - [2009/04/29 13:24:44 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Key\pngio.dll
MOD - [2009/04/29 13:24:44 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Key\AiNap.dll
MOD - [2009/04/29 13:24:44 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\Turbo Key\vvc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/03 05:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/12 04:40:54 | 000,136,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/11/05 19:26:00 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/08/19 05:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/25 00:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/07 08:52:29 | 000,051,280 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/09/07 08:52:09 | 000,121,936 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/09/07 08:47:49 | 000,028,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/09/07 08:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/09/07 08:47:10 | 000,020,048 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/07/21 16:14:24 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/07/21 16:14:24 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/15 21:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/03/12 04:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@Citrix.com/npagee64,version=9.1.104.5: C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.1.104.5: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Wood\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Wood\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Wood\Music\RM_RehearsalDinner\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Wood\AppData\Roaming\Move Networks [2011/01/26 00:00:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/01/04 00:01:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Turbo Key] C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Users\Wood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_78719727.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: invesco.com ([ras.na] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23DAD21F-4E8B-4582-860D-0D5ACEC09E93}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 19:18:55 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Wood\Desktop\aswMBR.exe
[2012/01/10 23:16:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/10 23:15:03 | 000,000,000 | ---D | C] -- C:\Users\Wood\Desktop\Kaspersky
[2012/01/10 22:46:51 | 000,646,144 | ---- | C] (OldTimer Tools) -- C:\Users\Wood\Desktop\OTS.exe
[2012/01/07 20:01:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Wood\Desktop\OTL.exe
[2012/01/06 11:15:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-TW
[2012/01/06 11:15:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-HK
[2012/01/06 11:15:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-CN
[2012/01/06 11:15:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\winrm
[2012/01/06 11:15:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WCN
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\uk-UA
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\tr-TR
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\th-TH
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Tasks
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sv-SE
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sr-Latn-CS
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/01/06 11:15:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sppui
[2012/01/06 11:15:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\spp
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SMI
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sl-SI
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\slmgr
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\sk-SK
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ru-RU
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ro-RO
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\restore
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Recovery
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ras
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pt-PT
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pt-BR
[2012/01/06 11:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Printing_Admin_Scripts
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pl-PL
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nl-NL
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NetworkList
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NDF
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nb-NO
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MUI
[2012/01/06 11:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Msdtc
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Microsoft
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\manifeststore
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\lv-LV
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\lt-LT
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ko-KR
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja-JP
[2012/01/06 11:15:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\it
[2012/01/06 11:15:19 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrSerId.sys.mui
[2012/01/06 11:15:19 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrSerIb.sys.mui
[2012/01/06 11:15:19 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerId.sys.mui
[2012/01/06 11:15:19 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerIb.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\it-IT\pscr.sys.mui
[2012/01/06 11:15:19 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\en-US\pscr.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrParwdm.sys.mui
[2012/01/06 11:15:19 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrParwdm.sys.mui
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\hu-HU
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\hr-HR
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\he-IL
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\fr-FR
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\fi-FI
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\et-EE
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\etc
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\es-ES
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\en
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\el-GR
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de-DE
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\da-DK
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\cs-CZ
[2012/01/06 11:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\CodeIntegrity
[2012/01/06 11:15:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot
[2012/01/06 11:15:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\bg-BG
[2012/01/06 11:15:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ar-SA
[2012/01/04 00:01:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/02 03:18:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/02 02:31:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/02 02:31:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/02 02:31:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/02 02:31:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/02 02:26:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/26 10:05:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/12/23 00:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/23 00:38:07 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files - Modified Within 30 Days ==========

[2012/01/12 19:43:52 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 19:43:52 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 19:41:03 | 001,549,446 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/12 19:41:03 | 000,701,408 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/01/12 19:41:03 | 000,628,308 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/12 19:41:03 | 000,128,626 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/01/12 19:41:03 | 000,107,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/12 19:32:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/12 19:32:17 | 2140,995,583 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 19:28:03 | 000,185,925 | ---- | M] () -- C:\Users\Wood\Desktop\again_aswMBR_Error_messages.jpg
[2012/01/12 19:18:55 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Wood\Desktop\aswMBR.exe
[2012/01/10 23:16:27 | 000,001,004 | ---- | M] () -- C:\Users\Wood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_78719727.lnk
[2012/01/10 22:46:51 | 000,646,144 | ---- | M] (OldTimer Tools) -- C:\Users\Wood\Desktop\OTS.exe
[2012/01/07 20:01:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Wood\Desktop\OTL.exe
[2012/01/07 19:58:39 | 000,000,512 | ---- | M] () -- C:\Users\Wood\Desktop\MBR.dat
[2012/01/07 19:56:39 | 000,116,768 | ---- | M] () -- C:\Users\Wood\Desktop\aswMBR_Error_message.jpg
[2012/01/07 10:29:53 | 000,001,683 | ---- | M] () -- C:\Users\Wood\Desktop\launch.ica.kssj2dd.partial
[2012/01/04 06:50:03 | 000,003,924 | ---- | M] () -- C:\cryptsvc.reg
[2012/01/04 00:01:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/02 17:03:29 | 000,181,342 | ---- | M] () -- C:\Users\Wood\Desktop\DiskMgmt.jpg
[2012/01/01 20:49:50 | 000,000,797 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/12/31 18:24:52 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/27 23:59:52 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/23 03:20:52 | 000,415,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/23 03:03:31 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2011/12/23 01:07:53 | 000,007,608 | ---- | M] () -- C:\Users\Wood\AppData\Local\Resmon.ResmonCfg

========== Files Created - No Company Name ==========

[2012/01/12 19:28:03 | 000,185,925 | ---- | C] () -- C:\Users\Wood\Desktop\again_aswMBR_Error_messages.jpg
[2012/01/10 23:16:27 | 000,001,004 | ---- | C] () -- C:\Users\Wood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_78719727.lnk
[2012/01/07 19:58:39 | 000,000,512 | ---- | C] () -- C:\Users\Wood\Desktop\MBR.dat
[2012/01/07 19:55:31 | 000,116,768 | ---- | C] () -- C:\Users\Wood\Desktop\aswMBR_Error_message.jpg
[2012/01/07 10:30:00 | 000,001,683 | ---- | C] () -- C:\Users\Wood\Desktop\launch.ica.kssj2dd.partial
[2012/01/06 11:15:19 | 000,017,463 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\services
[2012/01/06 11:15:19 | 000,003,683 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\lmhosts.sam
[2012/01/06 11:15:19 | 000,001,358 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\protocol
[2012/01/06 11:15:19 | 000,000,407 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\networks
[2012/01/06 11:15:19 | 000,000,027 | ---- | C] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/04 00:25:19 | 000,003,924 | ---- | C] () -- C:\cryptsvc.reg
[2012/01/02 17:03:29 | 000,181,342 | ---- | C] () -- C:\Users\Wood\Desktop\DiskMgmt.jpg
[2012/01/02 02:31:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/02 02:31:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/02 02:31:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/02 02:31:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/02 02:31:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/27 23:59:52 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/23 03:03:31 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/12/20 16:24:54 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/10/01 07:53:30 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/01 00:14:37 | 001,553,332 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/30 21:36:29 | 000,007,608 | ---- | C] () -- C:\Users\Wood\AppData\Local\Resmon.ResmonCfg
[2010/09/30 09:39:16 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/09/30 09:39:16 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/09/30 09:39:13 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/09/30 09:39:13 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/09/30 09:33:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/09/30 09:33:02 | 000,028,523 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/11/05 19:26:00 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2009/11/05 19:26:00 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 06:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011/11/17 02:19:58 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\5C2DE
[2010/11/22 11:20:45 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\Amazon
[2011/06/28 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\BitTorrent
[2010/09/30 19:29:48 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\CheckPoint
[2011/01/09 16:20:45 | 000,000,000 | ---D | M] -- C:\Users\Wood\AppData\Roaming\ICAClient
[2009/07/13 23:08:49 | 000,025,490 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 538 bytes -> C:\Users\Wood\Desktop\launch.ica.kssj2dd.partial:icasource

< End of report >


4. sfcdetails.txt file:
2012-01-12 19:48:46, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:48:46, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-01-12 19:48:47, Info CSI 0000000c [SR] Verify complete
2012-01-12 19:48:47, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:48:47, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2012-01-12 19:48:48, Info CSI 00000010 [SR] Verify complete
2012-01-12 19:48:49, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:48:49, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2012-01-12 19:48:51, Info CSI 00000014 [SR] Verify complete
2012-01-12 19:48:51, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:48:51, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2012-01-12 19:48:53, Info CSI 00000018 [SR] Verify complete
2012-01-12 19:48:53, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:48:53, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2012-01-12 19:48:55, Info CSI 0000001c [SR] Verify complete
2012-01-12 19:48:56, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:48:56, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2012-01-12 19:48:57, Info CSI 00000020 [SR] Verify complete
2012-01-12 19:48:57, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:48:57, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2012-01-12 19:48:59, Info CSI 00000024 [SR] Verify complete
2012-01-12 19:48:59, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:48:59, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:02, Info CSI 00000028 [SR] Verify complete
2012-01-12 19:49:02, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:02, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:03, Info CSI 0000002c [SR] Verify complete
2012-01-12 19:49:04, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:04, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:05, Info CSI 00000030 [SR] Verify complete
2012-01-12 19:49:05, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:05, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:08, Info CSI 00000034 [SR] Verify complete
2012-01-12 19:49:08, Info CSI 00000035 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:08, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:12, Info CSI 00000039 [SR] Verify complete
2012-01-12 19:49:12, Info CSI 0000003a [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:12, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:16, Info CSI 0000003f [SR] Verify complete
2012-01-12 19:49:16, Info CSI 00000040 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:16, Info CSI 00000041 [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:19, Info CSI 00000043 [SR] Verify complete
2012-01-12 19:49:19, Info CSI 00000044 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:19, Info CSI 00000045 [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:22, Info CSI 0000004a [SR] Verify complete
2012-01-12 19:49:22, Info CSI 0000004b [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:22, Info CSI 0000004c [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:25, Info CSI 0000004e [SR] Verify complete
2012-01-12 19:49:25, Info CSI 0000004f [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:25, Info CSI 00000050 [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:29, Info CSI 00000052 [SR] Verify complete
2012-01-12 19:49:29, Info CSI 00000053 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:29, Info CSI 00000054 [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:35, Info CSI 00000076 [SR] Verify complete
2012-01-12 19:49:35, Info CSI 00000077 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:35, Info CSI 00000078 [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:38, Info CSI 0000007d [SR] Verify complete
2012-01-12 19:49:38, Info CSI 0000007e [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:38, Info CSI 0000007f [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:42, Info CSI 00000081 [SR] Verify complete
2012-01-12 19:49:42, Info CSI 00000082 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:42, Info CSI 00000083 [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:45, Info CSI 00000085 [SR] Verify complete
2012-01-12 19:49:45, Info CSI 00000086 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:45, Info CSI 00000087 [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:49, Info CSI 00000089 [SR] Verify complete
2012-01-12 19:49:49, Info CSI 0000008a [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:49, Info CSI 0000008b [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:52, Info CSI 0000008d [SR] Verify complete
2012-01-12 19:49:52, Info CSI 0000008e [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:52, Info CSI 0000008f [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:55, Info CSI 00000091 [SR] Verify complete
2012-01-12 19:49:55, Info CSI 00000092 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:55, Info CSI 00000093 [SR] Beginning Verify and Repair transaction
2012-01-12 19:49:59, Info CSI 00000095 [SR] Verify complete
2012-01-12 19:49:59, Info CSI 00000096 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:49:59, Info CSI 00000097 [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:05, Info CSI 000000bd [SR] Verify complete
2012-01-12 19:50:05, Info CSI 000000be [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:05, Info CSI 000000bf [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:11, Info CSI 000000c1 [SR] Verify complete
2012-01-12 19:50:12, Info CSI 000000c2 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:12, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:19, Info CSI 000000c5 [SR] Verify complete
2012-01-12 19:50:19, Info CSI 000000c6 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:19, Info CSI 000000c7 [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:24, Info CSI 000000c9 [SR] Verify complete
2012-01-12 19:50:25, Info CSI 000000ca [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:25, Info CSI 000000cb [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:30, Info CSI 000000cf [SR] Verify complete
2012-01-12 19:50:30, Info CSI 000000d0 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:30, Info CSI 000000d1 [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:33, Info CSI 000000d3 [SR] Verify complete
2012-01-12 19:50:33, Info CSI 000000d4 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:33, Info CSI 000000d5 [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:35, Info CSI 000000d7 [SR] Verify complete
2012-01-12 19:50:35, Info CSI 000000d8 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:35, Info CSI 000000d9 [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:36, Info CSI 000000db [SR] Verify complete
2012-01-12 19:50:36, Info CSI 000000dc [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:36, Info CSI 000000dd [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:38, Info CSI 000000df [SR] Verify complete
2012-01-12 19:50:38, Info CSI 000000e0 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:38, Info CSI 000000e1 [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:43, Info CSI 000000ed [SR] Verify complete
2012-01-12 19:50:43, Info CSI 000000ee [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:43, Info CSI 000000ef [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:46, Info CSI 000000f8 [SR] Verify complete
2012-01-12 19:50:46, Info CSI 000000f9 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:46, Info CSI 000000fa [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:48, Info CSI 000000fc [SR] Verify complete
2012-01-12 19:50:48, Info CSI 000000fd [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:48, Info CSI 000000fe [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:51, Info CSI 00000100 [SR] Verify complete
2012-01-12 19:50:51, Info CSI 00000101 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:51, Info CSI 00000102 [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:52, Info CSI 00000104 [SR] Verify complete
2012-01-12 19:50:52, Info CSI 00000105 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:52, Info CSI 00000106 [SR] Beginning Verify and Repair transaction
2012-01-12 19:50:56, Info CSI 00000109 [SR] Verify complete
2012-01-12 19:50:56, Info CSI 0000010a [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:50:56, Info CSI 0000010b [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:03, Info CSI 0000010e [SR] Verify complete
2012-01-12 19:51:03, Info CSI 0000010f [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:03, Info CSI 00000110 [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:05, Info CSI 00000112 [SR] Verify complete
2012-01-12 19:51:06, Info CSI 00000113 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:06, Info CSI 00000114 [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:07, Info CSI 00000116 [SR] Verify complete
2012-01-12 19:51:08, Info CSI 00000117 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:08, Info CSI 00000118 [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:10, Info CSI 0000011a [SR] Verify complete
2012-01-12 19:51:10, Info CSI 0000011b [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:10, Info CSI 0000011c [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:14, Info CSI 0000011e [SR] Verify complete
2012-01-12 19:51:14, Info CSI 0000011f [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:14, Info CSI 00000120 [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:18, Info CSI 00000122 [SR] Verify complete
2012-01-12 19:51:18, Info CSI 00000123 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:18, Info CSI 00000124 [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:21, Info CSI 00000126 [SR] Verify complete
2012-01-12 19:51:21, Info CSI 00000127 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:21, Info CSI 00000128 [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:25, Info CSI 0000012a [SR] Verify complete
2012-01-12 19:51:25, Info CSI 0000012b [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:25, Info CSI 0000012c [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:33, Info CSI 00000144 [SR] Verify complete
2012-01-12 19:51:33, Info CSI 00000145 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:33, Info CSI 00000146 [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:36, Info CSI 00000148 [SR] Verify complete
2012-01-12 19:51:36, Info CSI 00000149 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:36, Info CSI 0000014a [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:40, Info CSI 0000014c [SR] Verify complete
2012-01-12 19:51:40, Info CSI 0000014d [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:40, Info CSI 0000014e [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:52, Info CSI 00000150 [SR] Verify complete
2012-01-12 19:51:52, Info CSI 00000151 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:52, Info CSI 00000152 [SR] Beginning Verify and Repair transaction
2012-01-12 19:51:56, Info CSI 00000154 [SR] Verify complete
2012-01-12 19:51:56, Info CSI 00000155 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:51:56, Info CSI 00000156 [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:03, Info CSI 00000159 [SR] Verify complete
2012-01-12 19:52:03, Info CSI 0000015a [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:03, Info CSI 0000015b [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:09, Info CSI 0000015d [SR] Verify complete
2012-01-12 19:52:09, Info CSI 0000015e [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:09, Info CSI 0000015f [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:13, Info CSI 00000161 [SR] Verify complete
2012-01-12 19:52:13, Info CSI 00000162 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:13, Info CSI 00000163 [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:16, Info CSI 00000165 [SR] Verify complete
2012-01-12 19:52:16, Info CSI 00000166 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:16, Info CSI 00000167 [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:20, Info CSI 00000169 [SR] Verify complete
2012-01-12 19:52:20, Info CSI 0000016a [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:20, Info CSI 0000016b [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:22, Info CSI 0000016d [SR] Verify complete
2012-01-12 19:52:22, Info CSI 0000016e [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:22, Info CSI 0000016f [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:26, Info CSI 00000173 [SR] Verify complete
2012-01-12 19:52:26, Info CSI 00000174 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:26, Info CSI 00000175 [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:29, Info CSI 00000177 [SR] Verify complete
2012-01-12 19:52:29, Info CSI 00000178 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:29, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:38, Info CSI 0000017b [SR] Verify complete
2012-01-12 19:52:38, Info CSI 0000017c [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:38, Info CSI 0000017d [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:42, Info CSI 0000017f [SR] Verify complete
2012-01-12 19:52:42, Info CSI 00000180 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:42, Info CSI 00000181 [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:46, Info CSI 00000184 [SR] Verify complete
2012-01-12 19:52:46, Info CSI 00000185 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:46, Info CSI 00000186 [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:49, Info CSI 00000188 [SR] Verify complete
2012-01-12 19:52:49, Info CSI 00000189 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:49, Info CSI 0000018a [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:53, Info CSI 0000018d [SR] Verify complete
2012-01-12 19:52:53, Info CSI 0000018e [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:53, Info CSI 0000018f [SR] Beginning Verify and Repair transaction
2012-01-12 19:52:57, Info CSI 00000191 [SR] Verify complete
2012-01-12 19:52:57, Info CSI 00000192 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:52:57, Info CSI 00000193 [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:04, Info CSI 00000196 [SR] Verify complete
2012-01-12 19:53:04, Info CSI 00000197 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:04, Info CSI 00000198 [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:07, Info CSI 0000019a [SR] Verify complete
2012-01-12 19:53:07, Info CSI 0000019b [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:07, Info CSI 0000019c [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:11, Info CSI 0000019e [SR] Verify complete
2012-01-12 19:53:11, Info CSI 0000019f [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:11, Info CSI 000001a0 [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:15, Info CSI 000001a2 [SR] Verify complete
2012-01-12 19:53:15, Info CSI 000001a3 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:15, Info CSI 000001a4 [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:18, Info CSI 000001a6 [SR] Verify complete
2012-01-12 19:53:18, Info CSI 000001a7 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:18, Info CSI 000001a8 [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:21, Info CSI 000001ab [SR] Verify complete
2012-01-12 19:53:21, Info CSI 000001ac [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:21, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:25, Info CSI 000001af [SR] Verify complete
2012-01-12 19:53:26, Info CSI 000001b0 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:26, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:28, Info CSI 000001b3 [SR] Verify complete
2012-01-12 19:53:28, Info CSI 000001b4 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:28, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:32, Info CSI 000001b7 [SR] Verify complete
2012-01-12 19:53:32, Info CSI 000001b8 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:32, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:36, Info CSI 000001bd [SR] Verify complete
2012-01-12 19:53:36, Info CSI 000001be [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:36, Info CSI 000001bf [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:40, Info CSI 000001c1 [SR] Verify complete
2012-01-12 19:53:40, Info CSI 000001c2 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:40, Info CSI 000001c3 [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:44, Info CSI 000001c8 [SR] Verify complete
2012-01-12 19:53:44, Info CSI 000001c9 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:44, Info CSI 000001ca [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:48, Info CSI 000001cc [SR] Verify complete
2012-01-12 19:53:48, Info CSI 000001cd [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:48, Info CSI 000001ce [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:52, Info CSI 000001d0 [SR] Verify complete
2012-01-12 19:53:52, Info CSI 000001d1 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:52, Info CSI 000001d2 [SR] Beginning Verify and Repair transaction
2012-01-12 19:53:58, Info CSI 000001d5 [SR] Verify complete
2012-01-12 19:53:58, Info CSI 000001d6 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:53:58, Info CSI 000001d7 [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:01, Info CSI 000001d9 [SR] Verify complete
2012-01-12 19:54:01, Info CSI 000001da [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:01, Info CSI 000001db [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:02, Info CSI 000001dd [SR] Verify complete
2012-01-12 19:54:02, Info CSI 000001de [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:02, Info CSI 000001df [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:05, Info CSI 000001e1 [SR] Verify complete
2012-01-12 19:54:05, Info CSI 000001e2 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:05, Info CSI 000001e3 [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:07, Info CSI 000001e5 [SR] Verify complete
2012-01-12 19:54:07, Info CSI 000001e6 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:07, Info CSI 000001e7 [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:10, Info CSI 000001e9 [SR] Verify complete
2012-01-12 19:54:10, Info CSI 000001ea [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:10, Info CSI 000001eb [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:14, Info CSI 000001ed [SR] Verify complete
2012-01-12 19:54:14, Info CSI 000001ee [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:14, Info CSI 000001ef [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:17, Info CSI 000001f1 [SR] Verify complete
2012-01-12 19:54:17, Info CSI 000001f2 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:17, Info CSI 000001f3 [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:18, Info CSI 000001f5 [SR] Verify complete
2012-01-12 19:54:19, Info CSI 000001f6 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:19, Info CSI 000001f7 [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:22, Info CSI 000001f9 [SR] Verify complete
2012-01-12 19:54:22, Info CSI 000001fa [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:22, Info CSI 000001fb [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:30, Info CSI 000001fd [SR] Verify complete
2012-01-12 19:54:30, Info CSI 000001fe [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:30, Info CSI 000001ff [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:38, Info CSI 00000201 [SR] Verify complete
2012-01-12 19:54:38, Info CSI 00000202 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:38, Info CSI 00000203 [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:41, Info CSI 00000205 [SR] Verify complete
2012-01-12 19:54:41, Info CSI 00000206 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:41, Info CSI 00000207 [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:43, Info CSI 00000209 [SR] Verify complete
2012-01-12 19:54:43, Info CSI 0000020a [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:43, Info CSI 0000020b [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:46, Info CSI 0000020d [SR] Verify complete
2012-01-12 19:54:46, Info CSI 0000020e [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:46, Info CSI 0000020f [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:48, Info CSI 00000211 [SR] Verify complete
2012-01-12 19:54:48, Info CSI 00000212 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:48, Info CSI 00000213 [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:49, Info CSI 00000215 [SR] Verify complete
2012-01-12 19:54:49, Info CSI 00000216 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:49, Info CSI 00000217 [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:51, Info CSI 00000219 [SR] Verify complete
2012-01-12 19:54:51, Info CSI 0000021a [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:51, Info CSI 0000021b [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:53, Info CSI 0000021d [SR] Verify complete
2012-01-12 19:54:53, Info CSI 0000021e [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:53, Info CSI 0000021f [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:56, Info CSI 00000221 [SR] Verify complete
2012-01-12 19:54:56, Info CSI 00000222 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:56, Info CSI 00000223 [SR] Beginning Verify and Repair transaction
2012-01-12 19:54:57, Info CSI 00000225 [SR] Verify complete
2012-01-12 19:54:57, Info CSI 00000226 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:54:57, Info CSI 00000227 [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:02, Info CSI 0000022f [SR] Verify complete
2012-01-12 19:55:02, Info CSI 00000230 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:02, Info CSI 00000231 [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:05, Info CSI 00000233 [SR] Verify complete
2012-01-12 19:55:05, Info CSI 00000234 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:05, Info CSI 00000235 [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:08, Info CSI 00000237 [SR] Verify complete
2012-01-12 19:55:08, Info CSI 00000238 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:08, Info CSI 00000239 [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:11, Info CSI 0000023b [SR] Verify complete
2012-01-12 19:55:11, Info CSI 0000023c [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:11, Info CSI 0000023d [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:13, Info CSI 0000023f [SR] Verify complete
2012-01-12 19:55:14, Info CSI 00000240 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:14, Info CSI 00000241 [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:16, Info CSI 00000243 [SR] Verify complete
2012-01-12 19:55:16, Info CSI 00000244 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:16, Info CSI 00000245 [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:20, Info CSI 00000247 [SR] Verify complete
2012-01-12 19:55:20, Info CSI 00000248 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:20, Info CSI 00000249 [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:24, Info CSI 0000024c [SR] Verify complete
2012-01-12 19:55:24, Info CSI 0000024d [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:24, Info CSI 0000024e [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:25, Info CSI 00000250 [SR] Verify complete
2012-01-12 19:55:25, Info CSI 00000251 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:25, Info CSI 00000252 [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:26, Info CSI 00000254 [SR] Verify complete
2012-01-12 19:55:26, Info CSI 00000255 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:26, Info CSI 00000256 [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:33, Info CSI 0000025b [SR] Verify complete
2012-01-12 19:55:34, Info CSI 0000025c [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:34, Info CSI 0000025d [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:40, Info CSI 00000261 [SR] Verify complete
2012-01-12 19:55:41, Info CSI 00000262 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:41, Info CSI 00000263 [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:44, Info CSI 00000267 [SR] Verify complete
2012-01-12 19:55:44, Info CSI 00000268 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:44, Info CSI 00000269 [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:48, Info CSI 0000026d [SR] Verify complete
2012-01-12 19:55:48, Info CSI 0000026e [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:48, Info CSI 0000026f [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:52, Info CSI 0000027a [SR] Verify complete
2012-01-12 19:55:52, Info CSI 0000027b [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:52, Info CSI 0000027c [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:56, Info CSI 00000285 [SR] Verify complete
2012-01-12 19:55:56, Info CSI 00000286 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:56, Info CSI 00000287 [SR] Beginning Verify and Repair transaction
2012-01-12 19:55:59, Info CSI 00000289 [SR] Verify complete
2012-01-12 19:55:59, Info CSI 0000028a [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:55:59, Info CSI 0000028b [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:01, Info CSI 0000028f [SR] Verify complete
2012-01-12 19:56:01, Info CSI 00000290 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:01, Info CSI 00000291 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:04, Info CSI 00000293 [SR] Verify complete
2012-01-12 19:56:04, Info CSI 00000294 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:04, Info CSI 00000295 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:06, Info CSI 00000297 [SR] Verify complete
2012-01-12 19:56:06, Info CSI 00000298 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:06, Info CSI 00000299 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:10, Info CSI 000002be [SR] Verify complete
2012-01-12 19:56:10, Info CSI 000002bf [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:10, Info CSI 000002c0 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:12, Info CSI 000002c2 [SR] Verify complete
2012-01-12 19:56:12, Info CSI 000002c3 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:12, Info CSI 000002c4 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:14, Info CSI 000002c6 [SR] Verify complete
2012-01-12 19:56:14, Info CSI 000002c7 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:14, Info CSI 000002c8 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:17, Info CSI 000002ca [SR] Verify complete
2012-01-12 19:56:17, Info CSI 000002cb [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:17, Info CSI 000002cc [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:19, Info CSI 000002ce [SR] Verify complete
2012-01-12 19:56:19, Info CSI 000002cf [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:19, Info CSI 000002d0 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:21, Info CSI 000002ea [SR] Verify complete
2012-01-12 19:56:21, Info CSI 000002eb [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:21, Info CSI 000002ec [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:28, Info CSI 000002ee [SR] Verify complete
2012-01-12 19:56:28, Info CSI 000002ef [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:28, Info CSI 000002f0 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:30, Info CSI 000002f8 [SR] Verify complete
2012-01-12 19:56:30, Info CSI 000002f9 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:30, Info CSI 000002fa [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:34, Info CSI 00000302 [SR] Verify complete
2012-01-12 19:56:34, Info CSI 00000303 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:34, Info CSI 00000304 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:35, Info CSI 00000306 [SR] Verify complete
2012-01-12 19:56:35, Info CSI 00000307 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:35, Info CSI 00000308 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:38, Info CSI 0000030a [SR] Verify complete
2012-01-12 19:56:38, Info CSI 0000030b [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:38, Info CSI 0000030c [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:41, Info CSI 0000030f [SR] Verify complete
2012-01-12 19:56:41, Info CSI 00000310 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:41, Info CSI 00000311 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:43, Info CSI 00000313 [SR] Verify complete
2012-01-12 19:56:43, Info CSI 00000314 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:43, Info CSI 00000315 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:44, Info CSI 00000317 [SR] Verify complete
2012-01-12 19:56:45, Info CSI 00000318 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:45, Info CSI 00000319 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:48, Info CSI 0000031b [SR] Verify complete
2012-01-12 19:56:48, Info CSI 0000031c [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:48, Info CSI 0000031d [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:50, Info CSI 0000031f [SR] Verify complete
2012-01-12 19:56:51, Info CSI 00000320 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:51, Info CSI 00000321 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:53, Info CSI 00000323 [SR] Verify complete
2012-01-12 19:56:53, Info CSI 00000324 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:53, Info CSI 00000325 [SR] Beginning Verify and Repair transaction
2012-01-12 19:56:58, Info CSI 0000033f [SR] Verify complete
2012-01-12 19:56:58, Info CSI 00000340 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:56:58, Info CSI 00000341 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:01, Info CSI 00000343 [SR] Verify complete
2012-01-12 19:57:01, Info CSI 00000344 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:01, Info CSI 00000345 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:10, Info CSI 00000347 [SR] Verify complete
2012-01-12 19:57:10, Info CSI 00000348 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:10, Info CSI 00000349 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:13, Info CSI 0000034b [SR] Verify complete
2012-01-12 19:57:13, Info CSI 0000034c [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:13, Info CSI 0000034d [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:15, Info CSI 0000034f [SR] Verify complete
2012-01-12 19:57:15, Info CSI 00000350 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:15, Info CSI 00000351 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:17, Info CSI 00000354 [SR] Verify complete
2012-01-12 19:57:17, Info CSI 00000355 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:17, Info CSI 00000356 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:19, Info CSI 00000359 [SR] Verify complete
2012-01-12 19:57:19, Info CSI 0000035a [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:19, Info CSI 0000035b [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:21, Info CSI 0000035d [SR] Verify complete
2012-01-12 19:57:21, Info CSI 0000035e [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:21, Info CSI 0000035f [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:23, Info CSI 00000361 [SR] Verify complete
2012-01-12 19:57:23, Info CSI 00000362 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:23, Info CSI 00000363 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:27, Info CSI 00000365 [SR] Verify complete
2012-01-12 19:57:27, Info CSI 00000366 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:27, Info CSI 00000367 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:29, Info CSI 00000369 [SR] Verify complete
2012-01-12 19:57:29, Info CSI 0000036a [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:29, Info CSI 0000036b [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:32, Info CSI 0000036e [SR] Verify complete
2012-01-12 19:57:32, Info CSI 0000036f [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:32, Info CSI 00000370 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:34, Info CSI 00000372 [SR] Verify complete
2012-01-12 19:57:34, Info CSI 00000373 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:34, Info CSI 00000374 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:36, Info CSI 00000376 [SR] Verify complete
2012-01-12 19:57:36, Info CSI 00000377 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:36, Info CSI 00000378 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:39, Info CSI 0000037b [SR] Verify complete
2012-01-12 19:57:39, Info CSI 0000037c [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:39, Info CSI 0000037d [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:42, Info CSI 0000037f [SR] Verify complete
2012-01-12 19:57:42, Info CSI 00000380 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:42, Info CSI 00000381 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:45, Info CSI 00000383 [SR] Verify complete
2012-01-12 19:57:45, Info CSI 00000384 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:45, Info CSI 00000385 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:48, Info CSI 00000388 [SR] Verify complete
2012-01-12 19:57:48, Info CSI 00000389 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:48, Info CSI 0000038a [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:51, Info CSI 0000038c [SR] Verify complete
2012-01-12 19:57:51, Info CSI 0000038d [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:51, Info CSI 0000038e [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:54, Info CSI 00000390 [SR] Verify complete
2012-01-12 19:57:54, Info CSI 00000391 [SR] Verifying 100 (0x0000000000000064) components
2012-01-12 19:57:54, Info CSI 00000392 [SR] Beginning Verify and Repair transaction
2012-01-12 19:57:58, Info CSI 00000394 [SR] Verify complete
2012-01-12 19:57:58, Info CSI 00000395 [SR] Verifying 82 (0x0000000000000052) components
2012-01-12 19:57:58, Info CSI 00000396 [SR] Beginning Verify and Repair transaction
2012-01-12 19:58:00, Info CSI 00000398 [SR] Verify complete
2012-01-12 19:58:00, Info CSI 00000399 [SR] Repairing 0 components
2012-01-12 19:58:00, Info CSI 0000039a [SR] Beginning Verify and Repair transaction
2012-01-12 19:58:00, Info CSI 0000039c [SR] Repair complete


5. Sigverif log yielded no unsigned signatures (just an 'everything is checked as signed' pop-up with an 'OK' button)... so I looked at the log via the Advanced button and copied out the most recent entry, as well as the one record that was not checked. I have included header information for reference purposes.

********************************

Microsoft Signature Verification

Log file generated on 1/12/2012 at 8:39 PM
OS Platform: Windows (x64), Version: 6.1, Build: 7601, CSDVersion: Service Pack 1
Scan Results: Total Files: 143, Signed: 142, Unsigned: 0, Not Scanned: 1

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
...

[c:\windows\system32\drivers]
tcpip.sys 9/29/2011 2:5.1,2:5.2,2:6.0,2:Signed Package_2_for_KB2588Microsoft Windows

...

Unscanned Files:
------------------
[c:\windows\c:\users\wood\appdata\local\temp\cpuz130]
cpuz_x64.sys The directory name is invalid.


6. Wininit log file:

Controllo in corso del file system su C:
Il file system è di tipo NTFS.

Il disco sarà ora controllato come pianificato.
Il disco sarà ora controllato.

Verifica dei file in corso (fase 1 di 5)...
174592 record di file elaborati. Verifica file completata.
989 record di file di grandi dimensioni elaborati. 0 record file non validi elaborati. 2 record EA elaborati. 87 record reparse elaborati. Verifica degli indici in corso (fase 2 di 5)...
230970 voci di indice elaborate. Verifica indici completata.
0 file non indicizzati analizzati. 0 file non indicizzati ripristinati. Verifica dei descrittori di sicurezza in corso (fase 3 di 5)...
174592 descrittori di protezione/SID di file elaborati. Pulizia di 358 voci inutilizzate dall'indice $SII del file 0x9.
Pulizia di 358 voci inutilizzate dall'indice $SDH del file 0x9.
Pulizia dei descrittori di sicurezza inutilizzati 358.
Verifica descrittori di sicurezza completata.
28190 file di dati elaborati. CHKDSK sta verificando il journal USN...
37409952 byte USN elaborati. Verifica del journal USN completata.
Verifica dei dati dei file in corso (fase 4 di 5))...
174576 file elaborati. Verifica dei dati del file completata.
CHKDSK sta verificando la spazio disponibile (fase 5 di 5)...
Cluster liberi elaborati: 93271931. Verifica dello spazio disponibile completata.
Verifica del file system effettuata. Nessun problema rilevato.

468644863 KB di spazio totale su disco.
95188064 KB in 106246 file.
75736 KB in 28191 indici.
0 KB in settori danneggiati.
293339 KB in uso dal sistema.
65536 KB occupati dal file registro.
373087724 KB disponibili su disco.

4096 byte in ogni unità di allocazione.
117161215 unità totali di allocazione su disco.
93271931 unità di allocazione disponibili su disco.

Informazioni interne:
00 aa 02 00 30 0d 02 00 e1 05 04 00 00 00 00 00 ....0...........
1d 02 00 00 57 00 00 00 00 00 00 00 00 00 00 00 ....W...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Controllo del disco completato.
Attendere il riavvio del computer.


7. VEW - System log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/01/2012 10:08:54 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 28/12/2011 6:05:31 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 26/12/2011 4:04:56 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/12/2011 6:08:48 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/12/2011 5:22:14 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/12/2011 2:08:20 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/12/2011 10:31:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/12/2011 7:33:53 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/09/2011 3:07:12 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 08/09/2011 1:59:10 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/09/2011 11:57:36 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/09/2011 3:04:09 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 25/07/2011 8:53:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/07/2011 8:01:42 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/05/2011 3:09:21 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 27/03/2011 6:06:37 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 24/02/2011 10:01:02 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/01/2011 3:32:09 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/12/2010 9:55:12 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2010 8:28:35 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/01/2012 3:55:03 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The avast! Antivirus service hung on starting.

Log: 'System' Date/Time: 13/01/2012 1:36:44 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The avast! Antivirus service hung on starting.

Log: 'System' Date/Time: 13/01/2012 1:30:00 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 11/01/2012 9:24:53 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The avast! Antivirus service hung on starting.

Log: 'System' Date/Time: 06/01/2012 6:51:14 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The avast! Antivirus service hung on starting.

Log: 'System' Date/Time: 04/01/2012 6:24:35 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 04/01/2012 6:11:23 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The avast! Antivirus service hung on starting.

Log: 'System' Date/Time: 04/01/2012 6:00:56 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The avast! Antivirus service hung on starting.

Log: 'System' Date/Time: 04/01/2012 5:55:03 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 04/01/2012 5:53:27 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 04/01/2012 5:51:49 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 04/01/2012 5:51:49 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 04/01/2012 5:46:28 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The avast! Antivirus service hung on starting.

Log: 'System' Date/Time: 04/01/2012 5:24:31 AM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The avast! Antivirus service hung on starting.

Log: 'System' Date/Time: 04/01/2012 5:18:37 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 04/01/2012 5:18:10 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 04/01/2012 5:18:10 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 04/01/2012 5:17:00 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 04/01/2012 5:15:15 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 04/01/2012 5:15:15 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/01/2012 3:54:43 AM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: avast! Antivirus Contact your system administrator or service vendor for approximate startup times for this service. If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.

Log: 'System' Date/Time: 13/01/2012 1:36:24 AM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: avast! Antivirus Contact your system administrator or service vendor for approximate startup times for this service. If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.

Log: 'System' Date/Time: 12/01/2012 4:52:44 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name us.tracker.worldofwarcraft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 11/01/2012 9:24:33 AM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: avast! Antivirus Contact your system administrator or service vendor for approximate startup times for this service. If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.

Log: 'System' Date/Time: 11/01/2012 4:45:19 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/01/2012 5:34:16 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name us.tracker.worldofwarcraft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 09/01/2012 3:42:22 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 09/01/2012 3:26:58 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.hsd1.tx.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 09/01/2012 6:47:15 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 09/01/2012 2:05:13 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name us.tracker.worldofwarcraft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 07/01/2012 8:54:55 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 07/01/2012 6:07:06 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name us.tracker.worldofwarcraft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 06/01/2012 6:50:54 PM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: avast! Antivirus Contact your system administrator or service vendor for approximate startup times for this service. If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.

Log: 'System' Date/Time: 04/01/2012 6:11:03 AM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: avast! Antivirus Contact your system administrator or service vendor for approximate startup times for this service. If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.

Log: 'System' Date/Time: 04/01/2012 6:00:36 AM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: avast! Antivirus Contact your system administrator or service vendor for approximate startup times for this service. If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.

Log: 'System' Date/Time: 04/01/2012 5:51:24 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/01/2012 5:46:08 AM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: avast! Antivirus Contact your system administrator or service vendor for approximate startup times for this service. If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.

Log: 'System' Date/Time: 04/01/2012 5:24:11 AM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: avast! Antivirus Contact your system administrator or service vendor for approximate startup times for this service. If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.

Log: 'System' Date/Time: 04/01/2012 5:15:05 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.hsd1.tx.comcast.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/01/2012 5:14:56 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.hsd1.tx.comcast.net timed out after none of the configured DNS servers responded.



8. VEW - Application log:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/01/2012 10:10:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/01/2012 9:00:23 AM
Type: Error Category: 0
Event: 513 Source: Microsoft-Windows-CAPI2
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary 4365915drv.

System Error:
Impossibile trovare il file specificato. .

Log: 'Application' Date/Time: 04/01/2012 10:16:34 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program OTL.exe version 3.2.31.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 11c8 Start Time: 01cccaa955f5d408 Termination Time: 0 Application Path: C:\Users\Wood\Desktop\OTL.exe Report Id: 295ba632-36bd-11e1-870d-485b39b4389d

Log: 'Application' Date/Time: 22/12/2011 4:48:16 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x3568ff45 Faulting process id: 0xf74 Faulting application start time: 0x01ccc0c912818baf Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: unknown Report Id: be00fdf9-2cbc-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 22/12/2011 9:52:03 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0xe06d7363 Fault offset: 0x0000b9bc Faulting process id: 0xfc4 Faulting application start time: 0x01ccc08ecb1ba23a Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 996b451b-2c82-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 22/12/2011 8:30:41 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: Flash11e.ocx, version: 11.1.102.55, time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x0016cdc1 Faulting process id: 0x900 Faulting application start time: 0x01ccc083540f06c3 Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Report Id: 3b8427bb-2c77-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 22/12/2011 8:23:25 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0xe06d7363 Fault offset: 0x0000b9bc Faulting process id: 0x1174 Faulting application start time: 0x01ccc08276a2596a Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 37adf82e-2c76-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 21/12/2011 7:03:42 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x3569eea7 Faulting process id: 0x1438 Faulting application start time: 0x01ccc01230fe6462 Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: unknown Report Id: 7f0981f4-2c06-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 21/12/2011 2:52:46 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x39336af0 Faulting process id: 0x1460 Faulting application start time: 0x01ccbfef06907307 Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: unknown Report Id: 71746c04-2be3-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 21/12/2011 10:59:07 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: jvm.dll, version: 20.1.0.2, time stamp: 0x4dc14bf1 Exception code: 0xc0000005 Fault offset: 0x0005e5c2 Faulting process id: 0x1334 Faulting application start time: 0x01ccbfcf0d55ba2a Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\PROGRA~2\Java\jre6\bin\client\jvm.dll Report Id: ccf5e88f-2bc2-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 20/12/2011 7:24:46 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0xe06d7363 Fault offset: 0x0000b9bc Faulting process id: 0xde4 Faulting application start time: 0x01ccbf4c5b212f75 Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 4683b632-2b40-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 20/12/2011 5:35:14 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x35694a10 Faulting process id: 0x14a4 Faulting application start time: 0x01ccbf3d86659a03 Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: unknown Report Id: f950ea29-2b30-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 20/12/2011 2:44:05 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x356a1ea1 Faulting process id: 0xa54 Faulting application start time: 0x01ccbf2570e905d4 Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: unknown Report Id: 107eec45-2b19-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 20/12/2011 2:09:43 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319 Exception code: 0xe06d7363 Fault offset: 0x0000b9bc Faulting process id: 0x8a4 Faulting application start time: 0x01ccbf20ae6abc04 Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 43737a4b-2b14-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 20/12/2011 12:31:30 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: jvm.dll, version: 20.1.0.2, time stamp: 0x4dc14bf1 Exception code: 0xc0000005 Fault offset: 0x0005e5c2 Faulting process id: 0x17c0 Faulting application start time: 0x01ccbf11b57831db Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\PROGRA~2\Java\jre6\bin\client\jvm.dll Report Id: 8a7028d8-2b06-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 20/12/2011 8:39:31 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b9e2 Exception code: 0xc0000005 Fault offset: 0x00014705 Faulting process id: 0x12a0 Faulting application start time: 0x01ccbef26ea464ef Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\syswow64\SHLWAPI.dll Report Id: 229473f9-2ae6-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 20/12/2011 7:56:29 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b9e2 Exception code: 0xc0000005 Fault offset: 0x00014705 Faulting process id: 0x13d8 Faulting application start time: 0x01ccbeec82d2a528 Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\syswow64\SHLWAPI.dll Report Id: 1f941d50-2ae0-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 20/12/2011 7:35:17 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b9e2 Exception code: 0xc0000005 Fault offset: 0x00014705 Faulting process id: 0xe80 Faulting application start time: 0x01ccbee93118e3f2 Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\syswow64\SHLWAPI.dll Report Id: 29675da4-2add-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 20/12/2011 7:13:27 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b9e2 Exception code: 0xc0000005 Fault offset: 0x00014705 Faulting process id: 0xc9c Faulting application start time: 0x01ccbee67bfb4fca Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\syswow64\SHLWAPI.dll Report Id: 1c9c4227-2ada-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 20/12/2011 6:50:59 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b9e2 Exception code: 0xc0000005 Fault offset: 0x00014705 Faulting process id: 0x1300 Faulting application start time: 0x01ccbee358b5814b Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\syswow64\SHLWAPI.dll Report Id: f931dd6b-2ad6-11e1-b7c4-485b39b4389d

Log: 'Application' Date/Time: 20/12/2011 5:56:57 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b9e2 Exception code: 0xc0000005 Fault offset: 0x00014705 Faulting process id: 0xc84 Faulting application start time: 0x01ccbedb0f3aad29 Faulting application path: C:\Windows\SysWOW64\ping.exe Faulting module path: C:\Windows\syswow64\SHLWAPI.dll Report Id: 6ccdc4b0-2acf-11e1-b7c4-485b39b4389d

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 13/01/2012 3:57:10 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 13/01/2012 3:55:10 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 13/01/2012 3:04:57 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1768621638-534525770-3004020928-1000:
Process 1368 (\Device\HarddiskVolume2\Program Files\SUPERAntiSpyware\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-1768621638-534525770-3004020928-1000\Software\SUPERAntiSpyware.com\SUPERAntiSpyware


Log: 'Application' Date/Time: 13/01/2012 1:39:45 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 13/01/2012 1:30:22 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-1768621638-534525770-3004020928-1000:
Process 1960 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1768621638-534525770-3004020928-1000
Process 1692 (\Device\HarddiskVolume2\Program Files\SUPERAntiSpyware\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-1768621638-534525770-3004020928-1000\Software\SUPERAntiSpyware.com\SUPERAntiSpyware


Log: 'Application' Date/Time: 11/01/2012 9:25:14 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 11/01/2012 9:18:19 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-1768621638-534525770-3004020928-1000:
Process 3100 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-1768621638-534525770-3004020928-1000
Process 1348 (\Device\HarddiskVolume2\Program Files\SUPERAntiSpyware\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-1768621638-534525770-3004020928-1000\Software\SUPERAntiSpyware.com\SUPERAntiSpyware


Log: 'Application' Date/Time: 11/01/2012 9:00:52 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 06/01/2012 6:51:49 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 04/01/2012 6:11:28 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 04/01/2012 6:01:11 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 04/01/2012 5:46:33 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 04/01/2012 5:24:46 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 04/01/2012 4:55:57 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 04/01/2012 4:49:54 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1768621638-534525770-3004020928-1000:
Process 1680 (\Device\HarddiskVolume2\Program Files\SUPERAntiSpyware\SASCore64.exe) has opened key \REGISTRY\USER\S-1-5-21-1768621638-534525770-3004020928-1000\Software\SUPERAntiSpyware.com\SUPERAntiSpyware


Log: 'Application' Date/Time: 02/01/2012 10:11:19 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 02/01/2012 8:41:00 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 01/01/2012 12:27:46 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 28/12/2011 6:10:18 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 27/12/2011 11:54:33 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1768621638-534525770-3004020928-1000}/> cannot be accessed.

Contesto: applicazione , catalogo SystemIndex

Dettagli:
L'URL è già stato elaborato durante questo aggiornamento. Se il presente messaggio viene visualizzato durante l'elaborazione degli avvisi, significa che gli avvisi sono ridondanti oppure che è necessario eseguire un'operazione di modifica anziché di aggiunta. (HRESULT : 0x80040d0d) (0x80040d0d)
  • 0

#54
emeraldire

    Member

  • Topic Starter
  • Member
  • 37 posts

At this moment, all malware has been eliminated from your computer. Please tell me what other symptoms remain and how your computer is running.


My system seems to be running fine, now, thank you. The only thing that still concerns me is that I cannot enable Avast! and Windows Defender, nor disable Avast! services. As I have mentioned a few times in my prior posts on this thread, restarting my computer takes 5-10 minutes due to the Avast! service always trying to start and failing to do so. My system will either get as far along as showing the desktop after a reboot or sometimes (1/3 of the time) show a complete black screen (with my mouse cursor movable) for 5-10 min (I can always open Task Manager in both scenarios and can see the Avast! service trying to start, but cannot disable/enable/stop it). No application will start or respond until the Service eventually times out; so, I simply have to wait the 5-10 minutes for it to eventually time out, at which point my system becomes fully operable without any additional symptoms. Even after my system comes alive and fully usable, I cannot disable or otherwise modify the Avast services settings, getting an access denied message.

If Windows Defender was working, I would just uninstall Avast! and be done; however, since Windows Defender has the same difficulty starting as Avast!, I am worried that there is still a problem. You can see reference to this in the VEW - Application and System logs. Any ideas on what might be causing it?

Edited by emeraldire, 12 January 2012 - 10:51 PM.

  • 0
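As an added example (not part of the original thread and not code from VEW), the Python script below parses the VEW text layout shown in the logs above and groups the records the post refers to: repeated event 7044 service start hangs, DNS client timeouts, and ping.exe crashes split by faulting module. The sample records are constructed by abridging that layout, and the function names `parse_vew` and `triage` are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: records abridged from the VEW layout shown in the logs above.
SAMPLE = """\
Log: 'System' Date/Time: 13/01/2012 1:36:24 AM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 4 minutes to start and may have stopped responding: avast! Antivirus Contact your system administrator or service vendor for approximate startup times for this service.

Log: 'System' Date/Time: 12/01/2012 4:52:44 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name us.tracker.worldofwarcraft.com timed out after none of the configured DNS servers responded.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/12/2011 4:48:16 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x3568ff45

Log: 'Application' Date/Time: 20/12/2011 8:39:31 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b9e2 Exception code: 0xc0000005 Fault offset: 0x00014705
"""

# The three header lines that open every VEW record.
HEADER = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: "
    r"(?P<when>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)[ \t]*\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)[ \t]*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>.+?)[ \t]*\n",
    re.MULTILINE,
)
SERVICE_HANG = re.compile(r"may have stopped responding: (?P<service>.+?) Contact your")
DNS_TIMEOUT = re.compile(r"Name resolution for the name (?P<name>\S+) timed out")
FAULT = re.compile(
    r"Faulting application name: (?P<app>[^,]+), .*?"
    r"Faulting module name: (?P<module>[^,]+), .*?"
    r"Exception code: (?P<code>0x[0-9a-fA-F]+)",
    re.DOTALL,
)


def parse_vew(text):
    """Split a VEW report into one dict per event record."""
    matches = list(HEADER.finditer(text))
    records = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        body = text[m.end():end]
        # Drop the "~~~~" section banner that may follow the last record of a section.
        body = re.split(r"^~{5,}", body, maxsplit=1, flags=re.MULTILINE)[0]
        rec = m.groupdict()
        rec["event"] = int(rec["event"])
        # VEW states that all dates are dd/mm/yyyy.
        rec["when"] = datetime.strptime(rec["when"], "%d/%m/%Y %I:%M:%S %p")
        rec["message"] = body.strip()
        records.append(rec)
    return records


def triage(records):
    """Group records into the patterns worth reading first."""
    out = {"by_event": Counter(), "slow_services": Counter(),
           "dns_timeouts": Counter(), "faults": Counter(), "unmapped_faults": []}
    for r in records:
        key = (r["source"], r["event"])  # event IDs are only unique per source
        out["by_event"][key] += 1
        if key == ("Service Control Manager", 7044):
            m = SERVICE_HANG.search(r["message"])
            if m:
                out["slow_services"][m["service"]] += 1
        elif key == ("Microsoft-Windows-DNS-Client", 1014):
            m = DNS_TIMEOUT.search(r["message"])
            if m:
                out["dns_timeouts"][m["name"]] += 1
        elif key == ("Application Error", 1000):
            m = FAULT.search(r["message"])
            if m:
                out["faults"][(m["app"], m["module"], m["code"])] += 1
                # "unknown" means Windows could not attribute the faulting
                # address to a loaded module; list these for closer review.
                if m["module"] == "unknown":
                    out["unmapped_faults"].append(r)
    return out


if __name__ == "__main__":
    result = triage(parse_vew(SAMPLE))
    for name in ("slow_services", "dns_timeouts", "faults"):
        print(name, dict(result[name]))
    for r in result["unmapped_faults"]:
        print("unmapped fault at", r["when"].isoformat())
```

Run over a full VEW report, the `slow_services` counter shows how often a service such as avast! Antivirus hit the start timeout, which is the symptom described in this post.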

#55
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

You're right that Avast is causing problems.
  • Go to Programs and Features (the list with installed programs on the computer) and select Avast Antivirus.
  • Click on the button near it to open its installer.
  • There you will see some options, normally one of them should be re-install / repair install. Select that operation and let the installer re-install Avast.
  • Check to see if the problem with the startup is gone.
  • If not, uninstall Avast and Reboot
  • Download a new installer from here
  • Install Avast again and check to see if the problems come back.
  • If they do, uninstall Avast completely
  • Tell me how your computer is working without Avast

Note: If you have uninstalled Avast, try not to use your computer much as you're in great danger of re-infection.
  • 0


#56
emeraldire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I had to uninstall Avast! and re-install it again. It does seem to be working now and not hanging at startup, so I think I am good to go. I have created a restore point backup, so hopefully I won't have to visit again soon. Thank you again for your help!!

Cheers,
Em
  • 0

#57
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello Good news :happy:

Happy to hear that you're clean finally :happy:

Congratulations! Your logs are clean! :thumbsup: Now that you are clean, please follow these precautions in order to keep safe:


Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer.


Next:


Uninstall ComboFix from your computer:
  • Click on Start > Run
  • Type Combofix /Uninstall in the run box and click Ok. Note the space between the x and the /u, it needs to be there.

Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL for the last time and hit the cleanup button. It will remove all the programs we have used plus itself.

Next:

Note: If you are using Firefox I would suggest the use of these add-ons:
  • NoScript - for blocking ads and other potential website attacks.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.


Next:


Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.



Next:


Additional security programs - For additional security, the use of these tools is important:
  • Malwarebytes Anti-Malware - Update the free version and scan with it often. It is an excellent scanning tool to have on your side.
  • The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

Next:

Upgrading Java:
  • Go here and click Do I have Java
  • It will check your current version and then offer to update to the latest version, if there is one.


Next:


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


Next:


Keep a backup of your important files to prevent future data loss.


Happy safe computing !! :)
  • 0
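
The hosts-file blocking described in post #57 above (entries pointing ad sites at 127.0.0.1) can be audited with a short script. This is an added example, not part of the original post or of any tool named in the thread; the sample hosts content, host names and the function names `audit_hosts` and `needs_review` are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# MVPS-style blocking entries
127.0.0.1  localhost
::1        localhost
127.0.0.1  ads.example.com      # sinkholed ad server
0.0.0.0    tracker.example.net
192.0.2.10 update.example.org   # points at a real address: worth a look
not-an-ip  broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, kind, address, name) for every hosts entry.

    kind is 'local' (normal localhost mapping), 'blocked' (name sinkholed to
    loopback or 0.0.0.0), 'redirect' (name forced to another address, the
    pattern a hijacked hosts file shows) or 'invalid' (unparseable line).
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, "invalid", addr, " ".join(names)))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if sinkhole:
                kind = "local" if name.lower() in LOCAL_NAMES else "blocked"
            else:
                kind = "redirect"
            findings.append((line_no, kind, str(ip), name))
    return findings


def needs_review(findings):
    """Entries a blocking-only hosts file should not contain."""
    return [f for f in findings if f[1] in ("redirect", "invalid")]


if __name__ == "__main__":
    for entry in needs_review(audit_hosts(SAMPLE_HOSTS)):
        print(entry)
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its text to `audit_hosts` in place of the sample.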

#58
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





