Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unknown malware [Solved]

Started by diinovo , Jul 13 2012 09:01 AM

  • This topic is locked This topic is locked

#46
CompCav
Posted 08 August 2012 - 06:34 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Here is your note

Saturday soon after receiving your replay and closing the topic I started applying your instructions.
This is NOT a complaint, everything looked fine, see my replay below.

Uninstall OTL, OTL uninstalled properly and a report was made.
On restart after uninstalling OTL It removed something of the internet settings, I had No internet connection
IPv4 No network access
IPv6 No network access

Network discovery is turned off, NO network access
Trying to turn on Network discovery but does not turn on

I opened system restore, after 30 ?+ seconds a popup said was a problem with restore,
It opened restore there was 1 restore point jus created, I did not change
then the screen went blank a few times and took some time to return,
Over 4 minutes, a popup box said was searching for restore point, I closed
with windows task manager, after closing the boxes reappeared 2/3 times
more I closed them

opening Malwarebytes took some 2 minutes
Network and sharing center- Advanced sharing setting not opening,

After several trays with internet provider and modem manufacturer, I
managed to get internet connected Sunday afternoon.
Monday morning, I continued your instructions, everything is fine, no problems at all.

CompCav
I believe everything is fine, this is only for you info.
I am attaching OTL uninstall log in case you interested to look. (I could not reply)
I am very happy, Thanks, you may let me know?

Thank you

PS. I would be interested to know what malware was found?

3:12 PM 06/08/2012 it started from this day and getting worse by the day
I wanted to update from Microsoft, I have not done for long time, windows explorer stopped
working for several minutes, could not close, open Task Manager , End Task it stopped working,
have blank screen several minutes, a popup box says Explorer stopped working, Re-start
computer, check for Windows update again, it stops working for more than 5 minutes, blank
screen, I Re-start, will tray later again.
I believe this will be fixed with updates once I have a chance ??

06/08 - 5 PM Control Panel Not responding, Internet explorer not responding,
for the lust 10 minute+, windows task Manager cannot close it,

10:53 PM 07/08/2012
Computer very slow, long time to open program/window, to switch off/restart,
control panel stops working, windows Task Manager won't close the programs
Internet won't open, if it opens stops responding, cannot close, cannot update
from Microsoft update, malwarebytes stops responding cannot close programs,
all this can only be closed by re-starting and repeat the cycle again and again.

I'm trying to uninstall a program in program and features, is frozen for the last 15 minutes
as I am typing this a popup box says "Please wait until the current program is finished
uninstalling" when it recuperate I clicked uninstall it said to wait for the other program to
finish again, it can go for hours waiting to uninstall

Regards


I believe this is the link to the topic.
http://www.geekstogo...30#entry2187944


  • 0

Advertisements

#47
CompCav
Posted 08 August 2012 - 06:37 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please let me know the current state and post the following logs:

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#48
diinovo
Posted 08 August 2012 - 08:01 PM

diinovo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Dear CampCav
Accept my apologies for giving you so many problems do NOT feel you done wrong or is you fault.

I was very happy with you support and everything was working fine at the end, what happed next! I do not know.

At moment has been running little better, computer still slow, internet steal slow and frizzing, last night I tried to download a security update it stopped at 95% download, I had to re-start, everything stopped I could not close any windows I had to press reset to start, I have not done any security updates since we started this topic.

Shutting down is very slow, when the closing window comes up that says shutting down it stays there for long time, I have to press reset button to shutdown, I hope this helps a little
Thank you


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-09 10:41:20
-----------------------------
10:41:20.329 OS Version: Windows 6.1.7601 Service Pack 1
10:41:20.329 Number of processors: 2 586 0xF0B
10:41:20.329 ComputerName: KHAN UserName:
10:41:23.147 Initialize success
10:41:27.001 AVAST engine defs: 12080801
10:42:13.118 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
10:42:13.118 Disk 0 Vendor: ST3320613AS CC2J Size: 305245MB BusType: 11
10:42:13.134 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
10:42:13.134 Disk 1 Vendor: ST3500418AS CC35 Size: 476940MB BusType: 11
10:42:13.134 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-6
10:42:13.134 Disk 2 Vendor: WDC_WD10EARS-00MVWB0 51.0AB51 Size: 953869MB BusType: 11
10:42:13.165 Disk 0 MBR read successfully
10:42:13.181 Disk 0 MBR scan
10:42:13.181 Disk 0 Windows 7 default MBR code
10:42:13.196 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 133209 MB offset 2048
10:42:13.196 Disk 0 Partition - 00 0F Extended LBA 172031 MB offset 272815830
10:42:13.228 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 172031 MB offset 272815893
10:42:13.228 Disk 0 scanning sectors +625137345
10:42:13.290 Disk 0 scanning C:\Windows\system32\drivers
10:42:22.089 Service scanning
10:42:39.331 Modules scanning
10:42:45.322 Disk 0 trace - called modules:
10:42:45.353 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
10:42:45.353 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871617b0]
10:42:45.368 3 CLASSPNP.SYS[8d26459e] -> nt!IofCallDriver -> [0x8707e438]
10:42:45.368 5 ACPI.sys[840c13d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x87030908]
10:42:46.133 AVAST engine scan C:\Windows
10:42:49.238 AVAST engine scan C:\Windows\system32
10:45:03.981 AVAST engine scan C:\Windows\system32\drivers
10:45:15.621 AVAST engine scan C:\Users\Administrator
10:49:07.648 AVAST engine scan C:\ProgramData
10:50:02.515 Scan finished successfully
10:50:25.853 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
10:50:25.853 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
---------------------------------------------------------------------------------------


OTL Extras logfile created on: 09/08/2012 10:56:23 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 72.44% Memory free
7.00 Gb Paging File | 5.99 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 107.05 Gb Free Space | 63.72% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 47.83 Gb Free Space | 36.77% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 383.50 Gb Free Space | 41.17% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 227.30 Gb Free Space | 48.80% Space Free | Partition Type: NTFS

Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Browse with XnView] -- "C:\Users\ADMINI~1\AppData\Local\Temp\7zO4D9D.tmp\xnview.exe" "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09824A95-DA00-4011-B21B-6F4796A3E61F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0986F084-2C46-4D25-9F14-237FF88EDAF4}" = rport=139 | protocol=6 | dir=out | app=system |
"{15389AAC-8FB8-47FB-A6CB-19E0DB63FCFE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1CBAC39E-7999-441B-8CDE-E48A862F8E2E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2BE56047-8F7E-48AB-8ECF-48BDCD43F916}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{35D49BBD-8C77-4D50-9DC4-9CF15CC938AE}" = lport=94 | protocol=6 | dir=out | app=c:\program files\nch software\vrs\vrs.exe |
"{3FF5EA31-8310-4907-8D36-A0E2BE8B8A18}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46B4BEA4-0EEB-4C8F-881B-1EBA33D1BDE8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C72D63A-657D-4E98-A44C-6D73C45DAFD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5DA9B0BA-3849-470A-BA46-FEAD3F7FA8A3}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E80A86F-4539-40B4-804F-9C26580A95E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6E733705-D08F-46B5-88E3-B15F36902865}" = rport=137 | protocol=17 | dir=out | app=system |
"{89B865DA-A2FC-4DA5-9826-65F025AF0C02}" = lport=137 | protocol=17 | dir=in | app=system |
"{8CC1DE3A-04E8-4DEB-87CC-BBB7F4BCD73E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9F22F7D3-52DF-4D21-9B20-3F7F7EDBEE75}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A8E8DA49-1870-40C6-A1AF-C5CDEB74E9F1}" = lport=94 | protocol=6 | dir=in | app=c:\program files\nch software\vrs\vrs.exe |
"{C6A44285-5A1E-48EB-8D96-CF82F381E1F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CEA4879D-58E1-4DFC-B8DA-7A27D95EE656}" = lport=445 | protocol=6 | dir=in | app=system |
"{D0A4DFAF-6D72-4D21-9B33-EA163EFBA73F}" = lport=138 | protocol=17 | dir=in | app=system |
"{E2DD43D7-57AB-4D73-9ADB-DB4438072BB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7BA2383-F345-4D19-BFB2-37072EC4E043}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB9EEF6E-AB31-4554-A9C3-59EE62E60E01}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F320DD6C-D741-4D03-8F79-A7001FBF705C}" = rport=445 | protocol=6 | dir=out | app=system |
"{FCA0159A-ED5E-40AC-9054-52A23E3B21AF}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B7A294-B9B6-4069-8FB9-88919F873945}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{17037A3C-430F-465A-8447-B1F3ADAA31C2}" = protocol=17 | dir=in | app=c:\program files\satsuki decoder pack\mpc\mplayerc.exe |
"{2CB24AB2-CE24-46A0-91CD-72A45A085BB3}" = protocol=6 | dir=in | app=c:\program files\satsuki decoder pack\mpc\mplayerc.exe |
"{3268C3F5-5DDF-4E11-8941-4B008935E627}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia pc suite 7\pcsuite.exe |
"{4B6686AF-1906-4DA6-8DCB-F73CC503CF65}" = protocol=58 | dir=out | [email protected],-28546 |
"{4CB308E4-407E-4AC5-AFCB-3CCFDAA6F567}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia pc suite 7\pcsuite.exe |
"{4E5106B1-7BF3-4837-A38C-C2F17F3D638B}" = protocol=6 | dir=in | app=c:\program files\eset\eset smart security\sysrescue.exe |
"{5A004625-2E48-4863-A9AA-62E61B655D74}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{634B2AFB-0335-4B0E-8C70-7ADF2ACC20B8}" = protocol=6 | dir=in | app=c:\program files\webroot\webrootsecurity\spysweeperui.exe |
"{67FC93F2-22D2-4623-A657-B66E1E53CD02}" = protocol=17 | dir=in | app=c:\program files\eset\eset smart security\sysrescue.exe |
"{6BD7C42A-487F-43DE-8D02-C57D549B0DBF}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{7FDA74E6-CFCB-4DCF-B716-DCF372470561}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{8346F2CF-4BD7-4EDE-B6E9-77C7F796B39F}" = protocol=17 | dir=in | app=c:\program files\eset\eset smart security\egui.exe |
"{87E73C11-4054-4756-A2E1-A91934ADCF56}" = protocol=17 | dir=in | app=c:\program files\webroot\webrootsecurity\spysweeperui.exe |
"{89FB2D6B-8967-4275-9906-C0788C8CA1A7}" = protocol=17 | dir=in | app=c:\program files\utorrentportable\utorrentportable.exe |
"{98BAB0D0-1D7C-4A4E-966B-2FBF0E72B6BF}" = protocol=1 | dir=out | [email protected],-28544 |
"{9D27373E-F94D-4DD7-9251-04E158358BC3}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{AC373836-2F29-472A-A3C1-6D1C8CD55063}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BBA7277B-0797-4BBD-AC12-AF8E0144F412}" = protocol=58 | dir=in | [email protected],-28545 |
"{C5C67A5C-9D4A-42A2-B1C4-E9F55E9494A9}" = protocol=1 | dir=in | [email protected],-28543 |
"{C79308BE-DC72-4C99-99C2-C70B8284AE67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6FE546B-CEE6-4736-98AC-8EA432E51671}" = protocol=6 | dir=in | app=c:\program files\utorrentportable\utorrentportable.exe |
"{DC7BD124-950D-4803-AA57-DFD930BE72CE}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{E04A34DD-B60D-463E-BD1A-38CEB491D848}" = protocol=6 | dir=in | app=c:\program files\eset\eset smart security\egui.exe |
"{E3566F2C-10A6-4CAB-A528-8F7A8EA50C18}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{383B557D-16FC-4C26-8D6F-D59324D04906}C:\program files\utorrentportable\app\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrentportable\app\utorrent\utorrent.exe |
"TCP Query User{9F945979-A8B0-4ECB-9311-0640A137A76D}C:\users\administrator\appdata\local\temp\nslda49.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\nslda49.tmp\setup.exe |
"UDP Query User{5380B1D0-0B6E-4E0B-9F0E-F9937DB8E733}C:\program files\utorrentportable\app\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrentportable\app\utorrent\utorrent.exe |
"UDP Query User{5E6CC548-4B4F-4DA8-AC87-DD694CE0DCC7}C:\users\administrator\appdata\local\temp\nslda49.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\nslda49.tmp\setup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B568643E-076D-48A2-B5C3-7F0144D668D8}" = Paradox
"_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13EBF9E8-82FF-47D0-A324-534B79EF7F71}" = WordPerfect Office X5 - WT
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{17C5A285-F7B6-492B-8F3B-343D02B84D75}" = WordPerfect Office X5 - Common
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
"{1F0D7D15-8A36-4AE4-8573-70BEA7DF379D}" = WordPerfect Office X5 - Migration Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}" = Microsoft Server Speech Platform Runtime (x86)
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 5
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{378BAC91-3AE8-45F0-90E4-4F81E3EAEBC5}" = WordPerfect Office X5 - PR
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu for Office 2007 v5.20
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-790CW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64459BD5-3AE8-4689-B7B0-D57B667D8399}" = WordPerfect Office X5 - PerfectExperts EN
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67ED9603-CB76-4338-B7B0-690FE144C4DA}" = WordPerfect Lightning
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C13C708-FF28-4991-84E6-5526A0EE677B}" = WordPerfect Office X5 - Oxford
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E4B1E42-A831-44B4-A705-D006F68560EC}" = WordPerfect Office X5 - Graphics
"{71D2F8EE-9D45-4D95-A6F6-F6433C2B94B5}" = WordPerfect Office X5 - System EN
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{A6FD1334-FD75-4951-935D-08F8C7E4C6B0}" = WordPerfect Office X5 - Sharepoint
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A946A6CC-E9F2-44A8-9A8D-095C756AF4EB}" = Microsoft Speech Platform SDK (x86) v11.0
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B568643E-076D-48A2-B5C3-7F0144D668D8}" = Paradox
"{B62C4524-41B5-4E65-952B-36AEC51E3F55}" = WordPerfect Office X5
"{C507B0CC-BA89-4479-B3CA-E553E5D19548}" = Microsoft Office Professional Edition 2003 Plus Languages (VMware ThinApp)
"{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD5C6C29-E6CB-4DF3-B45F-A04087B1C294}" = WordPerfect Office X5 - Templates
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D4167D08-0F61-4F44-BC3F-26B4960745C4}" = WordPerfect Office X5 - Skins
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7643510-C1AE-44AD-B0F9-0665C4D73BFD}" = WordPerfect Office X5 - LegalTools
"{DAEDCD3D-B981-4F10-B17B-764753EDAF9F}" = WordPerfect Office X5 - QP
"{DE1DDAC8-0451-4F16-B63D-B72FBCBC9BF6}" = Febooti fileTweak Hash and CRC
"{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 - Setup Files
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E539B721-4458-4EFC-8BD0-04D4842051AE}" = Wordperfect Office X5 - EN
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E67732DE-3387-4F1E-BDDA-2D0C08BC025B}" = WordPerfect Office X5 - Filters
"{E6A4E6CD-B92C-4CFD-AEE9-97D361B4CE25}_is1" = TypeIt ReadIt 1.6
"{EC61C6D9-159B-4B14-AAF3-AF33FCFA50DD}" = WordPerfect Office X5 - WP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"7-zip" = 7-zip v9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.7.139
"DeleteProdVV2000Full_US" = IBM ViaVoice Pro - US English
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn Disc Burning Software
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HashTab" = HashTab 4.0.0.2
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PE Builder_is1" = PE Builder 3.1.10a
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Sandboxie" = Sandboxie 3.72 (32-bit)
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"Security Task Manager" = Security Task Manager 1.8d
"Soulseek2" = SoulSeek 157 NS 13e
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"WebcamMax" = WebcamMax
"WindowsScriptHost" = Microsoft Windows Script Host
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/08/2012 2:07:39 AM | Computer Name = Khan | Source = MsiInstaller | ID = 11922
Description = Application: Kaspersky Security Scan -- Error 1922. Service Kaspersky
Security Scan Service (KSS) could not be deleted. Verify that you have sufficient
privileges to remove system services.

Error - 01/08/2012 2:20:25 AM | Computer Name = Khan | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: MSONSEXT.DLL, version: 11.0.6715.60,
time stamp: 0x43306199 Exception code: 0xc0000005 Fault offset: 0x00053555 Faulting
process id: 0x4a8 Faulting application start time: 0x01cd6faccf9d79df Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Report
Id: faac05ec-dba0-11e1-8e38-001a4d5634f4

Error - 01/08/2012 2:51:39 AM | Computer Name = Khan | Source = VSS | ID = 8194
Description = Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often
caused by incorrect security settings in either the writer or requestor process.


Operation:

Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer Writer Instance ID: {8c4d64d3-f62d-4ab8-92b1-40bb1dac5164}

Error - 01/08/2012 6:03:25 PM | Computer Name = Khan | Source = VSS | ID = 8194
Description = Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often
caused by incorrect security settings in either the writer or requestor process.


Operation:

Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer Writer Instance ID: {47481c23-62b6-4af6-af90-d1fd16d87bea}

Error - 01/08/2012 8:21:39 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 02/08/2012 8:16:56 PM | Computer Name = Khan | Source = VSS | ID = 8194
Description = Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often
caused by incorrect security settings in either the writer or requestor process.


Operation:

Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer Writer Instance ID: {72aca468-8625-4019-a730-94d08b2efb47}

Error - 03/08/2012 10:32:56 AM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 03/08/2012 8:46:34 PM | Computer Name = Khan | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary NetIO Legacy TDI Support Driver. System Error: The system cannot find the
file specified. .

Error - 03/08/2012 8:46:35 PM | Computer Name = Khan | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
of service WinHTTP Web Proxy Auto-Discovery Service since QueryServiceConfig API
failed System Error: The system cannot find the file specified. .

Error - 03/08/2012 8:57:39 PM | Computer Name = Khan | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: sechost.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdb04 Exception code: 0xc0000005 Fault offset: 0x000075b5 Faulting process
id: 0x3dc Faulting application start time: 0x01cd71dc0638976b Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\sechost.dll
Report
Id: 62f58a93-ddcf-11e1-96cf-001a4d5634f4

[ OSession Events ]
Error - 01/02/2012 8:09:29 PM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 648
seconds with 300 seconds of active time. This session ended with a crash.

Error - 06/06/2012 8:13:04 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/07/2012 2:56:05 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 69040
seconds with 3180 seconds of active time. This session ended with a crash.

Error - 29/07/2012 9:03:44 PM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 375
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 08/08/2012 7:49:48 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7003
Description = The DNS Client service depends the following service: Tdx. This service
might not be installed.

Error - 08/08/2012 7:49:48 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%2

Error - 08/08/2012 7:49:49 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7003
Description = The DNS Client service depends the following service: Tdx. This service
might not be installed.

Error - 08/08/2012 7:49:49 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%2

Error - 08/08/2012 7:51:45 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 08/08/2012 7:51:45 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056

Error - 08/08/2012 7:52:12 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%2 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 08/08/2012 7:52:12 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 08/08/2012 7:52:21 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7003
Description = The DNS Client service depends the following service: Tdx. This service
might not be installed.

Error - 08/08/2012 7:52:22 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%2


< End of report >
--------------------------------------------------------------------------------------



OTL logfile created on: 09/08/2012 10:56:23 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 72.44% Memory free
7.00 Gb Paging File | 5.99 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 107.05 Gb Free Space | 63.72% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 47.83 Gb Free Space | 36.77% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 383.50 Gb Free Space | 41.17% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 227.30 Gb Free Space | 48.80% Space Free | Partition Type: NTFS

Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 10:52:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/07/04 02:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/07/04 02:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/17 17:51:58 | 000,466,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/06/17 17:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/05/15 19:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 19:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2010/07/29 18:19:04 | 000,234,496 | ---- | M] () -- C:\Program Files\Total Video Converter\TVCShellExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - File not found [Disabled | Stopped] -- -- (Messenger)
SRV - File not found [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/04 02:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/17 17:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/20 12:58:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/07/04 02:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/04 02:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/04 02:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/04 02:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/04 02:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/07/04 02:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/17 17:51:54 | 000,137,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/05/15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/10 11:45:19 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/06/23 16:43:04 | 001,068,216 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 10:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 20:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/07/14 10:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/14 09:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2002/01/12 16:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PortTalk.sys -- (PortTalk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 91 09 90 5C B5 CC 01 [binary data]
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes,DefaultScope = {5E3DD9B7-5DB3-443C-AED9-98B91906A19C}
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes\{5E3DD9B7-5DB3-443C-AED9-98B91906A19C}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-re...&ver=4.0.0.1550
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Search Defender"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/12/17 13:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/08/01 18:32:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/22 10:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 15:43:17 | 000,000,000 | ---D | M]

[2011/12/16 11:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/08/07 23:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions
[2012/07/22 08:50:40 | 000,008,397 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\pdf-ebook-searches.xml
[2012/06/22 10:33:10 | 000,002,349 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\search-defender-1.xml
[2012/06/20 22:52:17 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\search-defender.xml
[2012/07/22 08:50:44 | 000,011,187 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\timeanddatecom.xml
[2012/08/01 17:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/10 17:49:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/07/14 17:15:12 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/07/14 17:15:07 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/06/17 19:47:06 | 000,004,539 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KNJVK5V2.DEFAULT\EXTENSIONS\[email protected]
[2012/06/15 08:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/15 08:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/07 09:52:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2411852452-117403543-12125213-500..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Copy to &Lightning Note - c:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA463021-803B-4E77-A471-1A2BA3172F5D}: NameServer = 4.2.2.2,4.2.2.3
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/12 12:04:17 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 10:51:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/09 10:40:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/08/08 22:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012/08/08 16:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM ViaVoice
[2012/08/08 16:20:58 | 000,022,528 | ---- | C] (Blue Sky Software Corp.) -- C:\Windows\System32\rhmmplay.dll
[2012/08/08 16:20:58 | 000,000,000 | ---D | C] -- C:\Windows\msagent
[2012/08/08 16:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Script
[2012/08/08 16:20:06 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\roboex32.dll
[2012/08/08 16:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\ViaVoice
[2012/08/06 14:58:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CrashDumps
[2012/08/03 10:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/01 18:32:27 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/08/01 18:32:26 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/08/01 18:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/01 18:01:29 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/08/01 18:01:28 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/08/01 18:01:21 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/08/01 18:01:20 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/08/01 18:01:19 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/08/01 18:01:07 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/01 18:01:06 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/08/01 18:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/08/01 18:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/08/01 17:27:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NPE
[2012/08/01 17:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/08/01 09:51:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0299FDF-A831-4462-8736-B18329DEB036}
[2012/08/01 09:50:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AC396B65-8B0D-4442-8B38-27374F7B8BD0}
[2012/07/30 10:38:16 | 000,360,448 | ---- | C] (funkytoad.com) -- C:\Program Files\HostsXpert.exe
[2012/07/26 18:04:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{759BB2B0-7A44-4652-8E38-5945C47B0E0B}
[2012/07/26 18:04:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76D8B33A-111B-4C67-B2BF-36CBEEF33929}
[2012/07/25 14:13:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\XnView
[2012/07/25 13:07:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E33867B-8B67-45DF-BCA7-A531AD99B98D}
[2012/07/25 13:06:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{90BAF3AA-F32C-4292-8DFD-F64151112598}
[2012/07/25 10:08:05 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/25 10:02:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{496E6C90-A687-42C1-BF6F-C5A617E9A804}
[2012/07/25 10:02:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{58CD57F9-C679-4337-A711-543B2FA37BE9}
[2012/07/25 10:00:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CD577DD-7E8F-423D-A743-CF871D521859}
[2012/07/25 10:00:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{648BC0AE-5425-4AB6-B256-D8AD576EED49}
[2012/07/25 09:59:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A26BAE9E-EFC6-4BDA-9D46-EAA43873C995}
[2012/07/25 09:59:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9EBADFA-0EC6-489A-82CE-4EA3CBA31280}
[2012/07/25 09:50:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A1542D36-3A45-4777-8832-AD234B7C02F4}
[2012/07/25 09:50:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BD57604F-385B-48FC-B2E2-A9D62997A618}
[2012/07/23 21:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012/07/23 14:52:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{103930BC-8084-4116-9DFC-C008E7A1F0D4}
[2012/07/23 14:49:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1FB64A9D-F42A-46CF-BB07-2BD0FB23A7BF}
[2012/07/23 14:45:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{4673D3DE-077F-4EBB-8878-199176EE69AD}
[2012/07/23 14:41:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{94DDC534-0E4B-481C-9A4C-74825828C85C}
[2012/07/23 14:38:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E1B8CFB8-B8D6-4FF3-8EBE-261755D8AA1B}
[2012/07/23 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{234AD5FF-50CB-43BF-A946-2F78860EC068}
[2012/07/23 14:29:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E5C99CB4-A73F-4416-8E87-1B88A686AEC8}
[2012/07/23 09:53:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B86E0C31-A459-4E85-AEC8-976186035082}
[2012/07/23 09:49:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16B5B940-ED9B-4281-A0B2-F18F1FF08D73}
[2012/07/22 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012/07/22 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CRE
[2012/07/21 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1B42E99A-C774-4B30-A6A8-4E9B0068AA3F}
[2012/07/21 11:19:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87C36CEE-6B0B-4DA2-AC10-17F64D3E4884}
[2012/07/21 11:14:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{216668E3-9816-4658-9300-2D02617788E1}
[2012/07/21 11:13:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5106A4A-9C0E-4EAE-8B6C-6B2BC42944E5}
[2012/07/21 10:08:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5304FB6-D9CA-4DEF-BBC8-15965A4ECACD}
[2012/07/21 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{3B87E682-8AD7-419C-932C-E0B5AABA77FA}
[2012/07/21 10:06:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{40BB17BB-953F-40F7-B01A-79372BA6EAC5}
[2012/07/21 10:06:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E5F9EC55-211B-4841-8B7F-C16A6217385D}
[2012/07/20 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{263F4AB0-90AC-4623-B2CB-C472E17990A0}
[2012/07/20 17:30:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C4FBF46A-1DE8-4EB8-B36C-832FCE8E7AC4}
[2012/07/16 11:55:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\CCWin
[2012/07/14 17:04:49 | 000,638,976 | ---- | C] (ESET) -- C:\Windows\ESETUninstaller.exe
[2012/07/14 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2012/07/12 13:31:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5AC709BE-44AC-4AA8-88E7-CCE137CBB5FD}
[2012/07/12 05:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2012/07/12 05:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2012/07/12 05:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/07/12 05:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2012/07/11 10:03:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\updfiles
[2012/07/11 02:42:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FixZeroAccess
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/09 10:52:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/09 10:50:25 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/08/09 10:40:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/08/09 10:14:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 10:14:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/09 09:58:29 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 09:58:29 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 09:50:46 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/08/09 09:48:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/09 09:48:48 | 2817,380,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 16:59:17 | 000,007,308 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/08/08 12:15:00 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/08/08 09:57:56 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/08 09:57:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/08 09:57:53 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/08/07 09:52:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/08/04 10:45:04 | 000,002,174 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/08/02 21:29:18 | 000,000,008 | RHS- | M] () -- C:\ProgramData\8510DB6088.sys
[2012/07/30 11:10:57 | 000,431,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/25 18:21:02 | 000,225,651 | ---- | M] () -- C:\Users\Administrator\Desktop\Youtube Ultima 1_001.png
[2012/07/22 12:35:31 | 000,041,097 | ---- | M] () -- C:\Users\Administrator\Desktop\Extend ja-f-27b.pdf
[2012/07/20 20:52:45 | 000,018,706 | ---- | M] () -- C:\Users\Administrator\Desktop\Pay Slip.zip
[2012/07/19 17:39:24 | 000,000,353 | ---- | M] () -- C:\Users\Administrator\Desktop\164 A-C compressor rebuild needed - Alfa Romeo Bulletin Board & Forums.url
[2012/07/14 18:38:09 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/14 17:16:37 | 000,017,408 | ---- | M] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2012/07/14 17:04:26 | 000,638,976 | ---- | M] (ESET) -- C:\Windows\ESETUninstaller.exe
[2012/07/14 15:44:20 | 000,004,021 | ---- | M] () -- C:\Windows\System32\EpfwUser.dat
[2012/07/14 15:44:20 | 000,004,021 | ---- | M] () -- C:\Windows\System32\EpfwTemp.dat
[2012/07/14 14:38:51 | 000,001,441 | ---- | M] () -- C:\Users\Administrator\Desktop\Internet Explorer.lnk
[2012/07/14 09:23:05 | 002,784,732 | ---- | M] () -- C:\Windows\System32\em023_32.dat
[2012/07/14 09:23:04 | 035,604,120 | ---- | M] () -- C:\Windows\System32\em002_32.dat
[2012/07/12 06:20:20 | 000,089,094 | ---- | M] () -- C:\Windows\System32\em006_32.dat
[2012/07/11 21:44:08 | 001,103,622 | ---- | M] () -- C:\Windows\System32\em009_32.dat
[2012/07/11 21:44:08 | 000,492,053 | ---- | M] () -- C:\Windows\System32\em004_32.dat
[2012/07/11 21:44:08 | 000,252,560 | ---- | M] () -- C:\Windows\System32\em008_32.dat
[2012/07/11 21:44:08 | 000,046,729 | ---- | M] () -- C:\Windows\System32\em005_32.dat
[2012/07/11 21:44:08 | 000,038,604 | ---- | M] () -- C:\Windows\System32\em013_32.dat
[2012/07/11 21:44:08 | 000,004,342 | ---- | M] () -- C:\Windows\System32\em015_32.dat
[2012/07/11 21:44:07 | 000,714,995 | ---- | M] () -- C:\Windows\System32\em003_32.dat
[2012/07/11 21:43:57 | 000,521,149 | ---- | M] () -- C:\Windows\System32\em001_32.dat
[2012/07/11 21:43:57 | 000,055,770 | ---- | M] () -- C:\Windows\System32\em000_32.dat
[2012/07/11 07:44:48 | 000,000,000 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared.fix
[2012/07/11 02:08:53 | 012,320,768 | ---- | M] () -- C:\Users\Administrator\ntuser.bak
[2012/07/11 01:57:33 | 001,346,640 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/09 10:50:25 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/08/08 16:21:12 | 000,001,122 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM ViaVoice VoiceCenter.lnk
[2012/08/06 17:47:36 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/08/03 10:04:17 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/03 10:04:06 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/02 21:29:18 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8510DB6088.sys
[2012/08/01 18:01:30 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/25 18:21:01 | 000,225,651 | ---- | C] () -- C:\Users\Administrator\Desktop\Youtube Ultima 1_001.png
[2012/07/22 12:35:31 | 000,041,097 | ---- | C] () -- C:\Users\Administrator\Desktop\Extend ja-f-27b.pdf
[2012/07/20 20:52:45 | 000,018,706 | ---- | C] () -- C:\Users\Administrator\Desktop\Pay Slip.zip
[2012/07/19 17:39:24 | 000,000,353 | ---- | C] () -- C:\Users\Administrator\Desktop\164 A-C compressor rebuild needed - Alfa Romeo Bulletin Board & Forums.url
[2012/07/14 17:16:34 | 000,017,408 | ---- | C] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2012/07/14 14:38:51 | 000,001,441 | ---- | C] () -- C:\Users\Administrator\Desktop\Internet Explorer.lnk
[2012/07/11 21:44:09 | 035,604,120 | ---- | C] () -- C:\Windows\System32\em002_32.dat
[2012/07/11 21:44:09 | 002,784,732 | ---- | C] () -- C:\Windows\System32\em023_32.dat
[2012/07/11 21:44:09 | 001,103,622 | ---- | C] () -- C:\Windows\System32\em009_32.dat
[2012/07/11 21:44:09 | 000,714,995 | ---- | C] () -- C:\Windows\System32\em003_32.dat
[2012/07/11 21:44:09 | 000,521,149 | ---- | C] () -- C:\Windows\System32\em001_32.dat
[2012/07/11 21:44:09 | 000,492,053 | ---- | C] () -- C:\Windows\System32\em004_32.dat
[2012/07/11 21:44:09 | 000,252,560 | ---- | C] () -- C:\Windows\System32\em008_32.dat
[2012/07/11 21:44:09 | 000,089,094 | ---- | C] () -- C:\Windows\System32\em006_32.dat
[2012/07/11 21:44:09 | 000,055,770 | ---- | C] () -- C:\Windows\System32\em000_32.dat
[2012/07/11 21:44:09 | 000,046,729 | ---- | C] () -- C:\Windows\System32\em005_32.dat
[2012/07/11 21:44:09 | 000,038,604 | ---- | C] () -- C:\Windows\System32\em013_32.dat
[2012/07/11 21:44:09 | 000,004,342 | ---- | C] () -- C:\Windows\System32\em015_32.dat
[2012/07/11 10:02:28 | 000,004,021 | ---- | C] () -- C:\Windows\System32\EpfwTemp.dat
[2012/07/11 10:02:27 | 000,004,021 | ---- | C] () -- C:\Windows\System32\EpfwUser.dat
[2012/07/11 02:47:41 | 000,000,000 | ---- | C] () -- C:\Program Files\Common Files\Symantec Shared.fix
[2012/06/30 15:23:35 | 000,002,174 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0611.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0559.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0536.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0520.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0512.old
[2012/04/17 22:48:02 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2012/04/10 17:53:58 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012/04/01 23:45:41 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/03/19 13:58:18 | 000,000,000 | ---- | C] () -- C:\Windows\Textart.INI
[2012/02/09 14:20:38 | 004,794,880 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/02/02 14:32:01 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012/01/30 23:42:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/24 21:53:30 | 000,000,564 | ---- | C] () -- C:\Windows\eReg.dat
[2012/01/20 15:48:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/20 15:47:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/17 10:50:09 | 000,000,948 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/01/17 10:50:09 | 000,000,154 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/01/17 10:49:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/01/17 10:49:34 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/01/17 10:48:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/01/17 10:48:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/01/12 08:13:33 | 000,007,608 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/01/09 19:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/06 18:40:15 | 000,014,848 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/06 01:53:12 | 145,727,915 | ---- | C] () -- C:\Users\Administrator\Sky Angel Vol.72 Internal Cum Shot - AYA-02.mp4
[2011/12/21 21:03:43 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/12/16 11:00:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/12/11 11:39:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/12/11 11:37:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/12/10 20:34:27 | 000,007,308 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/12/10 20:27:15 | 000,000,258 | ---- | C] () -- C:\Windows\System32\BDEMERGE.INI
[2011/12/08 04:22:23 | 012,320,768 | ---- | C] () -- C:\Users\Administrator\ntuser.bak
[2011/12/07 19:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/11/22 03:55:12 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/28 03:00:11 | 000,001,194 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== LOP Check ==========

[2011/12/13 17:44:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2012/06/25 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2012/02/02 16:23:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2012/07/11 02:42:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FixZeroAccess
[2012/04/01 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garmin
[2012/04/06 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HideIPEasy
[2012/03/18 08:51:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InterVideo
[2012/03/12 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NCH Swift Sound
[2011/12/16 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2011/12/16 17:45:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2012/03/26 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC-FAX TX
[2012/03/12 12:47:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Regensoft
[2012/01/21 23:07:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Registry Mechanic
[2011/12/21 21:05:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScanSoft
[2012/06/25 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2011/12/24 12:22:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SurfAnonymousFree
[2012/06/17 20:37:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2012/03/14 12:22:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2012/04/03 13:18:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TypeItReadIt
[2011/12/11 17:18:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WebcamMax
[2012/03/12 12:57:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Win7codecs
[2012/07/25 16:09:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\XnView
[2012/08/08 09:57:53 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\avast! Emergency Update.job
[2012/08/09 09:50:46 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2012/08/08 12:15:00 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro Updates.job
[2012/08/09 09:49:45 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2000/12/13 09:28:42 | 000,030,068 | ---- | M] () -- C:\FIXKRIZ.EXE

< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Files\C\Windows\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES >
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\System32\drivers\etc\services
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CSS >
[2007/07/18 19:10:46 | 000,001,111 | R--- | M] () MD5=AC91C948DBB2BBE9B6A1EF98F1214CEC -- C:\Program Files\Common Files\Corel\Online Services\1.0\Languages\EN\Content\services.css
[2007/07/19 00:10:46 | 000,001,111 | R--- | M] () MD5=AC91C948DBB2BBE9B6A1EF98F1214CEC -- C:\Windows.old\Program Files\Common Files\Corel\Online Services\1.0\Languages\EN\Content\services.css

< MD5 for: SERVICES.DAT >
[2012/01/06 08:16:31 | 000,010,240 | ---- | M] () MD5=598DA820816EFCCC9D2D3115BC21F620 -- C:\Program Files\Acrobat X Pro\Acrobat X Pro\MODIFIED\@APPDATA@\Adobe\Acrobat\10.0\Security\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows.old\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.SBK >
[2012/07/22 14:44:59 | 000,001,334 | ---- | M] () MD5=533135AA7AE295BE7F28F7A5D98EBC7A -- C:\Program Files\Registry Mechanic\backup\Services.sbk

< MD5 for: SVCHOST.EXE >
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Files - Unicode (All) ==========
[2012/08/03 10:07:32 | 000,000,054 | ---- | M] ()(C:\Windows\???u?u) -- C:\Windows\씵知ﵰuﲘu
[2012/08/03 10:07:32 | 000,000,054 | ---- | C] ()(C:\Windows\???u?u) -- C:\Windows\씵知ﵰuﲘu

========== Alternate Data Streams ==========

@Alternate Data Stream - 266 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:64FFFDC8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

If you wish you can also contact me on private email
  • 0

#49
CompCav
Posted 08 August 2012 - 08:46 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
[2012/08/02 21:29:18 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8510DB6088.sys
[2012/08/03 10:07:32 | 000,000,054 | ---- | M] ()(C:\Windows\???u?u) -- C:\Windows\씵知ﵰuﲘu
[2012/08/03 10:07:32 | 000,000,054 | ---- | C] ()(C:\Windows\???u?u) -- C:\Windows\씵知ﵰuﲘu


:files
ipconfig /flushdns /c


:reg


:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 1.

There seems to be a problem after updates so we need to run these two tools to check on last update.

Run MGADiag

Now I think what you have is non standard and that is why we keep getting the unknown MBR.

Let's assume that for now and move on.

Firstly do this:

Please run the MGA Diagnostic Tool and post back the report it produces:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

Scan with WVCheck:

Please download WVCheck and save it to the desktop.

Right-click on WVCheck.exe and select Run as Administrator then follow the prompts.
The scan may take some time depending on the Hard-Drive size.
Please post the contents of the notepad file WVCheck_1009_dd-mm-yyyy that can be located on the desktop.


Step 3.

OK next we will check the disc and then the file structure

  • On the desktop click the My Computer icon
  • Right click your main drive (I am on C) and select properties
  • Select the tools tab
  • Select error checking
  • Place a tick in both boxes
  • Press start
  • You will get a warning that it needs to reboot to continue
  • Allow it to do so

Posted Image

Once completed

Run an elevated command prompt
Go to Start, All programs, Accessories
Right click command prompt and select run as administrator
Posted Image

In the black box that opens type or copy and paste the following command and press enter:

sfc /scannow

Posted Image

After all this is completed could you update me on the problems being experienced and post the logs from steps 1 and 2
  • 0

#50
diinovo
Posted 09 August 2012 - 08:49 AM

diinovo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Dear CompCav

Internet Explorer is working fine after the fix

I have done all according to you specifications, the scans took some time to run.

I wanted to use the computer for a wile to see how it worked, at first seems fine, but!

After all scans are done, Windows update not working
I taken a desktop shot with Paint, it worked I went to save as, to save the
file, it stopped responding, I closed the program re-tray second time, again
save as, it stopped, about 2 minutes late the save as window opens and I
can save the file, generally everything slow.

I have returned to the compute after living idle for about 3, ½ hours
Internet is not opening the page, I use google for searches is not loading, waited
7/ 8 minutes and not opening, some file, documents or programs don’t open, others take
several minutes to open.

(I now realize) everyday as time passes without re-starting, the
compute becomes inoperational, (it had done this everyday) nothing work, you cannot run anything, I had to re-start to post this to you, and even that I restarted, I connected to Internet OK but a word processor would not open, will return tomorrow
noon to use it again and see how it works.

Thank You


OTL logfile created on: 09/08/2012 10:56:23 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 72.44% Memory free
7.00 Gb Paging File | 5.99 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 107.05 Gb Free Space | 63.72% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 47.83 Gb Free Space | 36.77% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 383.50 Gb Free Space | 41.17% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 227.30 Gb Free Space | 48.80% Space Free | Partition Type: NTFS

Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 10:52:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/07/04 02:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/07/04 02:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/17 17:51:58 | 000,466,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/06/17 17:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/05/15 19:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 19:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2010/07/29 18:19:04 | 000,234,496 | ---- | M] () -- C:\Program Files\Total Video Converter\TVCShellExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - File not found [Disabled | Stopped] -- -- (Messenger)
SRV - File not found [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/04 02:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/17 17:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/20 12:58:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/07/04 02:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/04 02:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/04 02:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/04 02:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/04 02:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/07/04 02:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/17 17:51:54 | 000,137,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/05/15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/10 11:45:19 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/06/23 16:43:04 | 001,068,216 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 10:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 20:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/07/14 10:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/14 09:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2002/01/12 16:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PortTalk.sys -- (PortTalk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 91 09 90 5C B5 CC 01 [binary data]
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes,DefaultScope = {5E3DD9B7-5DB3-443C-AED9-98B91906A19C}
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes\{5E3DD9B7-5DB3-443C-AED9-98B91906A19C}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-re...&ver=4.0.0.1550
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Search Defender"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/12/17 13:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/08/01 18:32:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/22 10:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 15:43:17 | 000,000,000 | ---D | M]

[2011/12/16 11:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/08/07 23:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions
[2012/07/22 08:50:40 | 000,008,397 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\pdf-ebook-searches.xml
[2012/06/22 10:33:10 | 000,002,349 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\search-defender-1.xml
[2012/06/20 22:52:17 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\search-defender.xml
[2012/07/22 08:50:44 | 000,011,187 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\timeanddatecom.xml
[2012/08/01 17:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/10 17:49:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/07/14 17:15:12 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/07/14 17:15:07 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/06/17 19:47:06 | 000,004,539 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KNJVK5V2.DEFAULT\EXTENSIONS\[email protected]
[2012/06/15 08:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/15 08:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/07 09:52:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2411852452-117403543-12125213-500..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Copy to &Lightning Note - c:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA463021-803B-4E77-A471-1A2BA3172F5D}: NameServer = 4.2.2.2,4.2.2.3
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/12 12:04:17 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 10:51:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/09 10:40:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/08/08 22:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012/08/08 16:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM ViaVoice
[2012/08/08 16:20:58 | 000,022,528 | ---- | C] (Blue Sky Software Corp.) -- C:\Windows\System32\rhmmplay.dll
[2012/08/08 16:20:58 | 000,000,000 | ---D | C] -- C:\Windows\msagent
[2012/08/08 16:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Script
[2012/08/08 16:20:06 | 000,317,952 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\roboex32.dll
[2012/08/08 16:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\ViaVoice
[2012/08/06 14:58:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CrashDumps
[2012/08/03 10:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/01 18:32:27 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/08/01 18:32:26 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/08/01 18:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/01 18:01:29 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/08/01 18:01:28 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/08/01 18:01:21 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/08/01 18:01:20 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/08/01 18:01:19 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/08/01 18:01:07 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/01 18:01:06 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/08/01 18:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/08/01 18:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/08/01 17:27:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NPE
[2012/08/01 17:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/08/01 09:51:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{F0299FDF-A831-4462-8736-B18329DEB036}
[2012/08/01 09:50:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{AC396B65-8B0D-4442-8B38-27374F7B8BD0}
[2012/07/30 10:38:16 | 000,360,448 | ---- | C] (funkytoad.com) -- C:\Program Files\HostsXpert.exe
[2012/07/26 18:04:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{759BB2B0-7A44-4652-8E38-5945C47B0E0B}
[2012/07/26 18:04:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{76D8B33A-111B-4C67-B2BF-36CBEEF33929}
[2012/07/25 14:13:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\XnView
[2012/07/25 13:07:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{9E33867B-8B67-45DF-BCA7-A531AD99B98D}
[2012/07/25 13:06:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{90BAF3AA-F32C-4292-8DFD-F64151112598}
[2012/07/25 10:08:05 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/25 10:02:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{496E6C90-A687-42C1-BF6F-C5A617E9A804}
[2012/07/25 10:02:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{58CD57F9-C679-4337-A711-543B2FA37BE9}
[2012/07/25 10:00:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1CD577DD-7E8F-423D-A743-CF871D521859}
[2012/07/25 10:00:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{648BC0AE-5425-4AB6-B256-D8AD576EED49}
[2012/07/25 09:59:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A26BAE9E-EFC6-4BDA-9D46-EAA43873C995}
[2012/07/25 09:59:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B9EBADFA-0EC6-489A-82CE-4EA3CBA31280}
[2012/07/25 09:50:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{A1542D36-3A45-4777-8832-AD234B7C02F4}
[2012/07/25 09:50:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BD57604F-385B-48FC-B2E2-A9D62997A618}
[2012/07/23 21:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012/07/23 14:52:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{103930BC-8084-4116-9DFC-C008E7A1F0D4}
[2012/07/23 14:49:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1FB64A9D-F42A-46CF-BB07-2BD0FB23A7BF}
[2012/07/23 14:45:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{4673D3DE-077F-4EBB-8878-199176EE69AD}
[2012/07/23 14:41:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{94DDC534-0E4B-481C-9A4C-74825828C85C}
[2012/07/23 14:38:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E1B8CFB8-B8D6-4FF3-8EBE-261755D8AA1B}
[2012/07/23 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{234AD5FF-50CB-43BF-A946-2F78860EC068}
[2012/07/23 14:29:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E5C99CB4-A73F-4416-8E87-1B88A686AEC8}
[2012/07/23 09:53:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B86E0C31-A459-4E85-AEC8-976186035082}
[2012/07/23 09:49:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16B5B940-ED9B-4281-A0B2-F18F1FF08D73}
[2012/07/22 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012/07/22 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CRE
[2012/07/21 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1B42E99A-C774-4B30-A6A8-4E9B0068AA3F}
[2012/07/21 11:19:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87C36CEE-6B0B-4DA2-AC10-17F64D3E4884}
[2012/07/21 11:14:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{216668E3-9816-4658-9300-2D02617788E1}
[2012/07/21 11:13:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5106A4A-9C0E-4EAE-8B6C-6B2BC42944E5}
[2012/07/21 10:08:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5304FB6-D9CA-4DEF-BBC8-15965A4ECACD}
[2012/07/21 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{3B87E682-8AD7-419C-932C-E0B5AABA77FA}
[2012/07/21 10:06:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{40BB17BB-953F-40F7-B01A-79372BA6EAC5}
[2012/07/21 10:06:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E5F9EC55-211B-4841-8B7F-C16A6217385D}
[2012/07/20 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{263F4AB0-90AC-4623-B2CB-C472E17990A0}
[2012/07/20 17:30:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C4FBF46A-1DE8-4EB8-B36C-832FCE8E7AC4}
[2012/07/16 11:55:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\CCWin
[2012/07/14 17:04:49 | 000,638,976 | ---- | C] (ESET) -- C:\Windows\ESETUninstaller.exe
[2012/07/14 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2012/07/12 13:31:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5AC709BE-44AC-4AA8-88E7-CCE137CBB5FD}
[2012/07/12 05:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2012/07/12 05:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2012/07/12 05:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/07/12 05:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2012/07/11 10:03:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\updfiles
[2012/07/11 02:42:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FixZeroAccess
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/09 10:52:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/09 10:50:25 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/08/09 10:40:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/08/09 10:14:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 10:14:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/09 09:58:29 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 09:58:29 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 09:50:46 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/08/09 09:48:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/09 09:48:48 | 2817,380,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 16:59:17 | 000,007,308 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/08/08 12:15:00 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/08/08 09:57:56 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/08 09:57:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/08 09:57:53 | 000,000,352 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/08/07 09:52:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/08/04 10:45:04 | 000,002,174 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/08/02 21:29:18 | 000,000,008 | RHS- | M] () -- C:\ProgramData\8510DB6088.sys
[2012/07/30 11:10:57 | 000,431,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/25 18:21:02 | 000,225,651 | ---- | M] () -- C:\Users\Administrator\Desktop\Youtube Ultima 1_001.png
[2012/07/22 12:35:31 | 000,041,097 | ---- | M] () -- C:\Users\Administrator\Desktop\Extend ja-f-27b.pdf
[2012/07/20 20:52:45 | 000,018,706 | ---- | M] () -- C:\Users\Administrator\Desktop\Pay Slip.zip
[2012/07/19 17:39:24 | 000,000,353 | ---- | M] () -- C:\Users\Administrator\Desktop\164 A-C compressor rebuild needed - Alfa Romeo Bulletin Board & Forums.url
[2012/07/14 18:38:09 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/14 17:16:37 | 000,017,408 | ---- | M] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2012/07/14 17:04:26 | 000,638,976 | ---- | M] (ESET) -- C:\Windows\ESETUninstaller.exe
[2012/07/14 15:44:20 | 000,004,021 | ---- | M] () -- C:\Windows\System32\EpfwUser.dat
[2012/07/14 15:44:20 | 000,004,021 | ---- | M] () -- C:\Windows\System32\EpfwTemp.dat
[2012/07/14 14:38:51 | 000,001,441 | ---- | M] () -- C:\Users\Administrator\Desktop\Internet Explorer.lnk
[2012/07/14 09:23:05 | 002,784,732 | ---- | M] () -- C:\Windows\System32\em023_32.dat
[2012/07/14 09:23:04 | 035,604,120 | ---- | M] () -- C:\Windows\System32\em002_32.dat
[2012/07/12 06:20:20 | 000,089,094 | ---- | M] () -- C:\Windows\System32\em006_32.dat
[2012/07/11 21:44:08 | 001,103,622 | ---- | M] () -- C:\Windows\System32\em009_32.dat
[2012/07/11 21:44:08 | 000,492,053 | ---- | M] () -- C:\Windows\System32\em004_32.dat
[2012/07/11 21:44:08 | 000,252,560 | ---- | M] () -- C:\Windows\System32\em008_32.dat
[2012/07/11 21:44:08 | 000,046,729 | ---- | M] () -- C:\Windows\System32\em005_32.dat
[2012/07/11 21:44:08 | 000,038,604 | ---- | M] () -- C:\Windows\System32\em013_32.dat
[2012/07/11 21:44:08 | 000,004,342 | ---- | M] () -- C:\Windows\System32\em015_32.dat
[2012/07/11 21:44:07 | 000,714,995 | ---- | M] () -- C:\Windows\System32\em003_32.dat
[2012/07/11 21:43:57 | 000,521,149 | ---- | M] () -- C:\Windows\System32\em001_32.dat
[2012/07/11 21:43:57 | 000,055,770 | ---- | M] () -- C:\Windows\System32\em000_32.dat
[2012/07/11 07:44:48 | 000,000,000 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared.fix
[2012/07/11 02:08:53 | 012,320,768 | ---- | M] () -- C:\Users\Administrator\ntuser.bak
[2012/07/11 01:57:33 | 001,346,640 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/09 10:50:25 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/08/08 16:21:12 | 000,001,122 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM ViaVoice VoiceCenter.lnk
[2012/08/06 17:47:36 | 000,000,352 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/08/03 10:04:17 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/03 10:04:06 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/02 21:29:18 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8510DB6088.sys
[2012/08/01 18:01:30 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/25 18:21:01 | 000,225,651 | ---- | C] () -- C:\Users\Administrator\Desktop\Youtube Ultima 1_001.png
[2012/07/22 12:35:31 | 000,041,097 | ---- | C] () -- C:\Users\Administrator\Desktop\Extend ja-f-27b.pdf
[2012/07/20 20:52:45 | 000,018,706 | ---- | C] () -- C:\Users\Administrator\Desktop\Pay Slip.zip
[2012/07/19 17:39:24 | 000,000,353 | ---- | C] () -- C:\Users\Administrator\Desktop\164 A-C compressor rebuild needed - Alfa Romeo Bulletin Board & Forums.url
[2012/07/14 17:16:34 | 000,017,408 | ---- | C] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2012/07/14 14:38:51 | 000,001,441 | ---- | C] () -- C:\Users\Administrator\Desktop\Internet Explorer.lnk
[2012/07/11 21:44:09 | 035,604,120 | ---- | C] () -- C:\Windows\System32\em002_32.dat
[2012/07/11 21:44:09 | 002,784,732 | ---- | C] () -- C:\Windows\System32\em023_32.dat
[2012/07/11 21:44:09 | 001,103,622 | ---- | C] () -- C:\Windows\System32\em009_32.dat
[2012/07/11 21:44:09 | 000,714,995 | ---- | C] () -- C:\Windows\System32\em003_32.dat
[2012/07/11 21:44:09 | 000,521,149 | ---- | C] () -- C:\Windows\System32\em001_32.dat
[2012/07/11 21:44:09 | 000,492,053 | ---- | C] () -- C:\Windows\System32\em004_32.dat
[2012/07/11 21:44:09 | 000,252,560 | ---- | C] () -- C:\Windows\System32\em008_32.dat
[2012/07/11 21:44:09 | 000,089,094 | ---- | C] () -- C:\Windows\System32\em006_32.dat
[2012/07/11 21:44:09 | 000,055,770 | ---- | C] () -- C:\Windows\System32\em000_32.dat
[2012/07/11 21:44:09 | 000,046,729 | ---- | C] () -- C:\Windows\System32\em005_32.dat
[2012/07/11 21:44:09 | 000,038,604 | ---- | C] () -- C:\Windows\System32\em013_32.dat
[2012/07/11 21:44:09 | 000,004,342 | ---- | C] () -- C:\Windows\System32\em015_32.dat
[2012/07/11 10:02:28 | 000,004,021 | ---- | C] () -- C:\Windows\System32\EpfwTemp.dat
[2012/07/11 10:02:27 | 000,004,021 | ---- | C] () -- C:\Windows\System32\EpfwUser.dat
[2012/07/11 02:47:41 | 000,000,000 | ---- | C] () -- C:\Program Files\Common Files\Symantec Shared.fix
[2012/06/30 15:23:35 | 000,002,174 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0611.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0559.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0536.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0520.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0512.old
[2012/04/17 22:48:02 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2012/04/10 17:53:58 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012/04/01 23:45:41 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/03/19 13:58:18 | 000,000,000 | ---- | C] () -- C:\Windows\Textart.INI
[2012/02/09 14:20:38 | 004,794,880 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/02/02 14:32:01 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012/01/30 23:42:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/24 21:53:30 | 000,000,564 | ---- | C] () -- C:\Windows\eReg.dat
[2012/01/20 15:48:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/20 15:47:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/17 10:50:09 | 000,000,948 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/01/17 10:50:09 | 000,000,154 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/01/17 10:49:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/01/17 10:49:34 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/01/17 10:48:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/01/17 10:48:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/01/12 08:13:33 | 000,007,608 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/01/09 19:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/06 18:40:15 | 000,014,848 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/06 01:53:12 | 145,727,915 | ---- | C] () -- C:\Users\Administrator\Sky Angel Vol.72 Internal Cum Shot - AYA-02.mp4
[2011/12/21 21:03:43 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/12/16 11:00:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/12/11 11:39:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/12/11 11:37:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/12/10 20:34:27 | 000,007,308 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/12/10 20:27:15 | 000,000,258 | ---- | C] () -- C:\Windows\System32\BDEMERGE.INI
[2011/12/08 04:22:23 | 012,320,768 | ---- | C] () -- C:\Users\Administrator\ntuser.bak
[2011/12/07 19:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/11/22 03:55:12 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/28 03:00:11 | 000,001,194 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== LOP Check ==========

[2011/12/13 17:44:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2012/06/25 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2012/02/02 16:23:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2012/07/11 02:42:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FixZeroAccess
[2012/04/01 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garmin
[2012/04/06 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HideIPEasy
[2012/03/18 08:51:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InterVideo
[2012/03/12 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NCH Swift Sound
[2011/12/16 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2011/12/16 17:45:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2012/03/26 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC-FAX TX
[2012/03/12 12:47:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Regensoft
[2012/01/21 23:07:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Registry Mechanic
[2011/12/21 21:05:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScanSoft
[2012/06/25 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2011/12/24 12:22:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SurfAnonymousFree
[2012/06/17 20:37:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2012/03/14 12:22:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2012/04/03 13:18:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TypeItReadIt
[2011/12/11 17:18:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WebcamMax
[2012/03/12 12:57:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Win7codecs
[2012/07/25 16:09:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\XnView
[2012/08/08 09:57:53 | 000,000,352 | -H-- | M] () -- C:\Windows\Tasks\avast! Emergency Update.job
[2012/08/09 09:50:46 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2012/08/08 12:15:00 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro Updates.job
[2012/08/09 09:49:45 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2000/12/13 09:28:42 | 000,030,068 | ---- | M] () -- C:\FIXKRIZ.EXE

< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Files\C\Windows\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES >
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\System32\drivers\etc\services
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CSS >
[2007/07/18 19:10:46 | 000,001,111 | R--- | M] () MD5=AC91C948DBB2BBE9B6A1EF98F1214CEC -- C:\Program Files\Common Files\Corel\Online Services\1.0\Languages\EN\Content\services.css
[2007/07/19 00:10:46 | 000,001,111 | R--- | M] () MD5=AC91C948DBB2BBE9B6A1EF98F1214CEC -- C:\Windows.old\Program Files\Common Files\Corel\Online Services\1.0\Languages\EN\Content\services.css

< MD5 for: SERVICES.DAT >
[2012/01/06 08:16:31 | 000,010,240 | ---- | M] () MD5=598DA820816EFCCC9D2D3115BC21F620 -- C:\Program Files\Acrobat X Pro\Acrobat X Pro\MODIFIED\@APPDATA@\Adobe\Acrobat\10.0\Security\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows.old\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.SBK >
[2012/07/22 14:44:59 | 000,001,334 | ---- | M] () MD5=533135AA7AE295BE7F28F7A5D98EBC7A -- C:\Program Files\Registry Mechanic\backup\Services.sbk

< MD5 for: SVCHOST.EXE >
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Files - Unicode (All) ==========
[2012/08/03 10:07:32 | 000,000,054 | ---- | M] ()(C:\Windows\???u?u) -- C:\Windows\씵知ﵰuﲘu
[2012/08/03 10:07:32 | 000,000,054 | ---- | C] ()(C:\Windows\???u?u) -- C:\Windows\씵知ﵰuﲘu

========== Alternate Data Streams ==========

@Alternate Data Stream - 266 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:64FFFDC8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
------------------------------------------------------------------------------


OTL Extras logfile created on: 09/08/2012 10:56:23 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 72.44% Memory free
7.00 Gb Paging File | 5.99 Gb Available in Paging File | 85.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 107.05 Gb Free Space | 63.72% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 47.83 Gb Free Space | 36.77% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 383.50 Gb Free Space | 41.17% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 227.30 Gb Free Space | 48.80% Space Free | Partition Type: NTFS

Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Browse with XnView] -- "C:\Users\ADMINI~1\AppData\Local\Temp\7zO4D9D.tmp\xnview.exe" "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09824A95-DA00-4011-B21B-6F4796A3E61F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0986F084-2C46-4D25-9F14-237FF88EDAF4}" = rport=139 | protocol=6 | dir=out | app=system |
"{15389AAC-8FB8-47FB-A6CB-19E0DB63FCFE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1CBAC39E-7999-441B-8CDE-E48A862F8E2E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2BE56047-8F7E-48AB-8ECF-48BDCD43F916}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{35D49BBD-8C77-4D50-9DC4-9CF15CC938AE}" = lport=94 | protocol=6 | dir=out | app=c:\program files\nch software\vrs\vrs.exe |
"{3FF5EA31-8310-4907-8D36-A0E2BE8B8A18}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{46B4BEA4-0EEB-4C8F-881B-1EBA33D1BDE8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C72D63A-657D-4E98-A44C-6D73C45DAFD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5DA9B0BA-3849-470A-BA46-FEAD3F7FA8A3}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E80A86F-4539-40B4-804F-9C26580A95E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6E733705-D08F-46B5-88E3-B15F36902865}" = rport=137 | protocol=17 | dir=out | app=system |
"{89B865DA-A2FC-4DA5-9826-65F025AF0C02}" = lport=137 | protocol=17 | dir=in | app=system |
"{8CC1DE3A-04E8-4DEB-87CC-BBB7F4BCD73E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9F22F7D3-52DF-4D21-9B20-3F7F7EDBEE75}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A8E8DA49-1870-40C6-A1AF-C5CDEB74E9F1}" = lport=94 | protocol=6 | dir=in | app=c:\program files\nch software\vrs\vrs.exe |
"{C6A44285-5A1E-48EB-8D96-CF82F381E1F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CEA4879D-58E1-4DFC-B8DA-7A27D95EE656}" = lport=445 | protocol=6 | dir=in | app=system |
"{D0A4DFAF-6D72-4D21-9B33-EA163EFBA73F}" = lport=138 | protocol=17 | dir=in | app=system |
"{E2DD43D7-57AB-4D73-9ADB-DB4438072BB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7BA2383-F345-4D19-BFB2-37072EC4E043}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB9EEF6E-AB31-4554-A9C3-59EE62E60E01}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F320DD6C-D741-4D03-8F79-A7001FBF705C}" = rport=445 | protocol=6 | dir=out | app=system |
"{FCA0159A-ED5E-40AC-9054-52A23E3B21AF}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B7A294-B9B6-4069-8FB9-88919F873945}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{17037A3C-430F-465A-8447-B1F3ADAA31C2}" = protocol=17 | dir=in | app=c:\program files\satsuki decoder pack\mpc\mplayerc.exe |
"{2CB24AB2-CE24-46A0-91CD-72A45A085BB3}" = protocol=6 | dir=in | app=c:\program files\satsuki decoder pack\mpc\mplayerc.exe |
"{3268C3F5-5DDF-4E11-8941-4B008935E627}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia pc suite 7\pcsuite.exe |
"{4B6686AF-1906-4DA6-8DCB-F73CC503CF65}" = protocol=58 | dir=out | [email protected],-28546 |
"{4CB308E4-407E-4AC5-AFCB-3CCFDAA6F567}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia pc suite 7\pcsuite.exe |
"{4E5106B1-7BF3-4837-A38C-C2F17F3D638B}" = protocol=6 | dir=in | app=c:\program files\eset\eset smart security\sysrescue.exe |
"{5A004625-2E48-4863-A9AA-62E61B655D74}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{634B2AFB-0335-4B0E-8C70-7ADF2ACC20B8}" = protocol=6 | dir=in | app=c:\program files\webroot\webrootsecurity\spysweeperui.exe |
"{67FC93F2-22D2-4623-A657-B66E1E53CD02}" = protocol=17 | dir=in | app=c:\program files\eset\eset smart security\sysrescue.exe |
"{6BD7C42A-487F-43DE-8D02-C57D549B0DBF}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{7FDA74E6-CFCB-4DCF-B716-DCF372470561}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{8346F2CF-4BD7-4EDE-B6E9-77C7F796B39F}" = protocol=17 | dir=in | app=c:\program files\eset\eset smart security\egui.exe |
"{87E73C11-4054-4756-A2E1-A91934ADCF56}" = protocol=17 | dir=in | app=c:\program files\webroot\webrootsecurity\spysweeperui.exe |
"{89FB2D6B-8967-4275-9906-C0788C8CA1A7}" = protocol=17 | dir=in | app=c:\program files\utorrentportable\utorrentportable.exe |
"{98BAB0D0-1D7C-4A4E-966B-2FBF0E72B6BF}" = protocol=1 | dir=out | [email protected],-28544 |
"{9D27373E-F94D-4DD7-9251-04E158358BC3}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{AC373836-2F29-472A-A3C1-6D1C8CD55063}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BBA7277B-0797-4BBD-AC12-AF8E0144F412}" = protocol=58 | dir=in | [email protected],-28545 |
"{C5C67A5C-9D4A-42A2-B1C4-E9F55E9494A9}" = protocol=1 | dir=in | [email protected],-28543 |
"{C79308BE-DC72-4C99-99C2-C70B8284AE67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6FE546B-CEE6-4736-98AC-8EA432E51671}" = protocol=6 | dir=in | app=c:\program files\utorrentportable\utorrentportable.exe |
"{DC7BD124-950D-4803-AA57-DFD930BE72CE}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{E04A34DD-B60D-463E-BD1A-38CEB491D848}" = protocol=6 | dir=in | app=c:\program files\eset\eset smart security\egui.exe |
"{E3566F2C-10A6-4CAB-A528-8F7A8EA50C18}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"TCP Query User{383B557D-16FC-4C26-8D6F-D59324D04906}C:\program files\utorrentportable\app\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrentportable\app\utorrent\utorrent.exe |
"TCP Query User{9F945979-A8B0-4ECB-9311-0640A137A76D}C:\users\administrator\appdata\local\temp\nslda49.tmp\setup.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\nslda49.tmp\setup.exe |
"UDP Query User{5380B1D0-0B6E-4E0B-9F0E-F9937DB8E733}C:\program files\utorrentportable\app\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrentportable\app\utorrent\utorrent.exe |
"UDP Query User{5E6CC548-4B4F-4DA8-AC87-DD694CE0DCC7}C:\users\administrator\appdata\local\temp\nslda49.tmp\setup.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\nslda49.tmp\setup.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B568643E-076D-48A2-B5C3-7F0144D668D8}" = Paradox
"_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13EBF9E8-82FF-47D0-A324-534B79EF7F71}" = WordPerfect Office X5 - WT
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{17C5A285-F7B6-492B-8F3B-343D02B84D75}" = WordPerfect Office X5 - Common
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
"{1F0D7D15-8A36-4AE4-8573-70BEA7DF379D}" = WordPerfect Office X5 - Migration Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}" = Microsoft Server Speech Platform Runtime (x86)
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 5
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{378BAC91-3AE8-45F0-90E4-4F81E3EAEBC5}" = WordPerfect Office X5 - PR
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu for Office 2007 v5.20
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-790CW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64459BD5-3AE8-4689-B7B0-D57B667D8399}" = WordPerfect Office X5 - PerfectExperts EN
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67ED9603-CB76-4338-B7B0-690FE144C4DA}" = WordPerfect Lightning
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C13C708-FF28-4991-84E6-5526A0EE677B}" = WordPerfect Office X5 - Oxford
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E4B1E42-A831-44B4-A705-D006F68560EC}" = WordPerfect Office X5 - Graphics
"{71D2F8EE-9D45-4D95-A6F6-F6433C2B94B5}" = WordPerfect Office X5 - System EN
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{A6FD1334-FD75-4951-935D-08F8C7E4C6B0}" = WordPerfect Office X5 - Sharepoint
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A946A6CC-E9F2-44A8-9A8D-095C756AF4EB}" = Microsoft Speech Platform SDK (x86) v11.0
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B568643E-076D-48A2-B5C3-7F0144D668D8}" = Paradox
"{B62C4524-41B5-4E65-952B-36AEC51E3F55}" = WordPerfect Office X5
"{C507B0CC-BA89-4479-B3CA-E553E5D19548}" = Microsoft Office Professional Edition 2003 Plus Languages (VMware ThinApp)
"{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD5C6C29-E6CB-4DF3-B45F-A04087B1C294}" = WordPerfect Office X5 - Templates
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D4167D08-0F61-4F44-BC3F-26B4960745C4}" = WordPerfect Office X5 - Skins
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7643510-C1AE-44AD-B0F9-0665C4D73BFD}" = WordPerfect Office X5 - LegalTools
"{DAEDCD3D-B981-4F10-B17B-764753EDAF9F}" = WordPerfect Office X5 - QP
"{DE1DDAC8-0451-4F16-B63D-B72FBCBC9BF6}" = Febooti fileTweak Hash and CRC
"{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 - Setup Files
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E539B721-4458-4EFC-8BD0-04D4842051AE}" = Wordperfect Office X5 - EN
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E67732DE-3387-4F1E-BDDA-2D0C08BC025B}" = WordPerfect Office X5 - Filters
"{E6A4E6CD-B92C-4CFD-AEE9-97D361B4CE25}_is1" = TypeIt ReadIt 1.6
"{EC61C6D9-159B-4B14-AAF3-AF33FCFA50DD}" = WordPerfect Office X5 - WP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"7-zip" = 7-zip v9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.7.139
"DeleteProdVV2000Full_US" = IBM ViaVoice Pro - US English
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn Disc Burning Software
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HashTab" = HashTab 4.0.0.2
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PE Builder_is1" = PE Builder 3.1.10a
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Sandboxie" = Sandboxie 3.72 (32-bit)
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"Security Task Manager" = Security Task Manager 1.8d
"Soulseek2" = SoulSeek 157 NS 13e
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"WebcamMax" = WebcamMax
"WindowsScriptHost" = Microsoft Windows Script Host
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/08/2012 2:07:39 AM | Computer Name = Khan | Source = MsiInstaller | ID = 11922
Description = Application: Kaspersky Security Scan -- Error 1922. Service Kaspersky
Security Scan Service (KSS) could not be deleted. Verify that you have sufficient
privileges to remove system services.

Error - 01/08/2012 2:20:25 AM | Computer Name = Khan | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: MSONSEXT.DLL, version: 11.0.6715.60,
time stamp: 0x43306199 Exception code: 0xc0000005 Fault offset: 0x00053555 Faulting
process id: 0x4a8 Faulting application start time: 0x01cd6faccf9d79df Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Report
Id: faac05ec-dba0-11e1-8e38-001a4d5634f4

Error - 01/08/2012 2:51:39 AM | Computer Name = Khan | Source = VSS | ID = 8194
Description = Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often
caused by incorrect security settings in either the writer or requestor process.


Operation:

Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer Writer Instance ID: {8c4d64d3-f62d-4ab8-92b1-40bb1dac5164}

Error - 01/08/2012 6:03:25 PM | Computer Name = Khan | Source = VSS | ID = 8194
Description = Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often
caused by incorrect security settings in either the writer or requestor process.


Operation:

Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer Writer Instance ID: {47481c23-62b6-4af6-af90-d1fd16d87bea}

Error - 01/08/2012 8:21:39 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 02/08/2012 8:16:56 PM | Computer Name = Khan | Source = VSS | ID = 8194
Description = Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often
caused by incorrect security settings in either the writer or requestor process.


Operation:

Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer Writer Instance ID: {72aca468-8625-4019-a730-94d08b2efb47}

Error - 03/08/2012 10:32:56 AM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 03/08/2012 8:46:34 PM | Computer Name = Khan | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary NetIO Legacy TDI Support Driver. System Error: The system cannot find the
file specified. .

Error - 03/08/2012 8:46:35 PM | Computer Name = Khan | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
of service WinHTTP Web Proxy Auto-Discovery Service since QueryServiceConfig API
failed System Error: The system cannot find the file specified. .

Error - 03/08/2012 8:57:39 PM | Computer Name = Khan | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: sechost.dll, version: 6.1.7600.16385, time
stamp: 0x4a5bdb04 Exception code: 0xc0000005 Fault offset: 0x000075b5 Faulting process
id: 0x3dc Faulting application start time: 0x01cd71dc0638976b Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\sechost.dll
Report
Id: 62f58a93-ddcf-11e1-96cf-001a4d5634f4

[ OSession Events ]
Error - 01/02/2012 8:09:29 PM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 648
seconds with 300 seconds of active time. This session ended with a crash.

Error - 06/06/2012 8:13:04 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14/07/2012 2:56:05 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 69040
seconds with 3180 seconds of active time. This session ended with a crash.

Error - 29/07/2012 9:03:44 PM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 375
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 08/08/2012 7:49:48 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7003
Description = The DNS Client service depends the following service: Tdx. This service
might not be installed.

Error - 08/08/2012 7:49:48 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%2

Error - 08/08/2012 7:49:49 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7003
Description = The DNS Client service depends the following service: Tdx. This service
might not be installed.

Error - 08/08/2012 7:49:49 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%2

Error - 08/08/2012 7:51:45 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 08/08/2012 7:51:45 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056

Error - 08/08/2012 7:52:12 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%2 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 08/08/2012 7:52:12 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 08/08/2012 7:52:21 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7003
Description = The DNS Client service depends the following service: Tdx. This service
might not be installed.

Error - 08/08/2012 7:52:22 PM | Computer Name = Khan | Source = Service Control Manager | ID = 7023
Description = The IPsec Policy Agent service terminated with the following error:
%%2


< End of report >
---------------------------------------------------------------------------------------


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {863964FD-CACC-4A23-9A88-43DEE72A1E17}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{863964FD-CACC-4A23-9A88-43DEE72A1E17}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-2411852452-117403543-12125213</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>P35-DS3P</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F9</Version><SMBIOSVersion major="2" minor="4"/><Date>20080102000000.000000+000</Date></BIOS><HWID>251C3C07018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>E. Australia Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57587</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>64BC76978749586</Val><Hash>GW6PzcEVEDTVKeO5Ym5UUm41dBk=</Hash><Pid>89388-707-0441865-65552</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-3412011
Installation ID: 007011537030176551907600596563190170449503271404143673
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 09/08/2012 1:08:20 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 7:18:2012 19:02
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEA6GHOF5Z3Qtc67AiFwo/QizqE8q6SvCqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GBT GBTUACPI
FACP GBT GBTUACPI
HPET GBT GBTUACPI
MCFG GBT GBTUACPI
SSDT PmRef Cpu0Ist
SSDT PmRef Cpu0Ist
SLIC ACRSYS ACRPRDCT
----------------------------------------------------------------------------------



Windows Validation Check
Version: 1.9.12.5
Log Created On: 1313_09-08-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
-----------------------
Last Success Time for Update Detection: 2012-08-03 23:35:16
Last Success Time for Update Download: 2012-07-30 01:00:50
Last Success Time for Update Installation: 2012-07-30 01:07:47


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 20/1/2012 15:47:29
Modification; 20/11/2010 22:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 9:36:22
Modification; 14/7/2009 11:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 20/1/2012 15:47:29
Modification; 20/11/2010 22:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows.old\Windows\System32\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 9:36:22
Modification; 14/7/2009 11:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 9:36:22
Modification; 14/7/2009 11:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
D:\Users\DII\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2ZKF0QJ\Windows_7_crack_RemoveWAT_2.2.5.Hazar_carter67.5396034.TPB.torrent
Size: 1715 bytes
Creation; 7/11/2011 21:41:16
Modification; 7/11/2011 21:41:17
MD5; b9b391ea326a85a928efba6d6c76cc94
Matched: *removewat*
-----------------------
D:\Users\DII\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G2ZKF0QJ\Windows_7_crack_RemoveWAT_2.2.5.Hazar_carter67.5396034.TPB.torrent
Size: 1715 bytes
Creation; 7/11/2011 21:41:16
Modification; 7/11/2011 21:41:17
MD5; b9b391ea326a85a928efba6d6c76cc94
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------
D:\Users\DII\AppData\Roaming\uTorrent\RemoveWAT.2.2.5.Hazar.carter67.rar.1.torrent
Size: 1715 bytes
Creation; 3/8/2011 10:43:4
Modification; 3/8/2011 10:42:47
MD5; b9b391ea326a85a928efba6d6c76cc94
Matched: *removewat*
-----------------------
D:\Users\DII\AppData\Roaming\uTorrent\RemoveWAT.2.2.5.Hazar.carter67.rar.torrent
Size: 1715 bytes
Creation; 1/6/2011 9:44:23
Modification; 1/6/2011 9:43:45
MD5; b9b391ea326a85a928efba6d6c76cc94
Matched: *removewat*
-----------------------
D:\Users\DII\AppData\Roaming\uTorrent\Windows.7.Anytime.Upgrade.Keygen.rar.torrent
Size: 437 bytes
Creation; 15/10/2011 23:34:51
Modification; 15/10/2011 23:34:43
MD5; e2d99d75ee553feabfd27aaaaf8d6a04
Matched: The words 'windows' and 'keygen' in one sentence.
-----------------------
D:\Windows\System32\slwga.dll
Size: 12288 bytes
Creation; 16/5/2011 2:26:42
Modification; 11/4/2009 16:28:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------
D:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6000.16386_none_4c10a7ebfcbfa7c3\slwga.dll
Size: 12288 bytes
Creation; 2/11/2006 18:44:14
Modification; 2/11/2006 19:46:13
MD5; b39f1844ad6c656f64acd32caee72caa
Matched: slwga.dll
-----------------------
D:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 10/5/2011 2:21:6
Modification; 19/1/2008 17:36:30
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
D:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6002.18005_none_5032e2f3f6cc83e3\slwga.dll
Size: 12288 bytes
Creation; 16/5/2011 2:26:42
Modification; 11/4/2009 16:28:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------
F:\NEW PROGRAMS\ALL WEB PAGES\17938-GUIDE-How-to-really-run-Windows-7-forever-without-applying-any-cracks.htm
Size: 139940 bytes
Creation; 11/11/2011 0:19:58
Modification; 11/11/2011 0:20:26
MD5; 2d4fbb03652badcc4001c7e5ef181b11
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------
F:\NEW PROGRAMS\ALL WEB PAGES\GUIDE How to really run Windows 7 forever without applying any cracks.htm
Size: 112508 bytes
Creation; 18/5/2012 22:58:46
Modification; 18/5/2012 22:58:49
MD5; de16f3ab7a27415426c9cf50b510f626
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------
F:\NEW PROGRAMS\ALL WEB PAGES\Windows 7 crack RemoveWAT 2_2_5_Hazar carter67 (download torrent) - TPB_Hazar_carter67.mht
Size: 318662 bytes
Creation; 1/6/2011 9:43:5
Modification; 1/6/2011 9:43:7
MD5; 1dea5e877eec266990dbbcd1245de0c4
Matched: *removewat*
-----------------------
F:\NEW PROGRAMS\ALL WEB PAGES\Windows 7 crack RemoveWAT 2_2_5_Hazar carter67 (download torrent) - TPB_Hazar_carter67.mht
Size: 318662 bytes
Creation; 1/6/2011 9:43:5
Modification; 1/6/2011 9:43:7
MD5; 1dea5e877eec266990dbbcd1245de0c4
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------
F:\NEW PROGRAMS\ALL WEB PAGES\Windows.7.Anytime.Upgrade.Keygen.htm
Size: 15399 bytes
Creation; 15/10/2011 23:34:33
Modification; 15/10/2011 23:34:35
MD5; 16955c0de9977187b1f0ad5c4605d5d4
Matched: The words 'windows' and 'keygen' in one sentence.
-----------------------
F:\NEW PROGRAMS\REMOVE\RemoveWAT.2.2.5.Hazar.carter67.rar
Size: 3949724 bytes
Creation; 1/6/2011 10:7:40
Modification; 1/6/2011 10:8:13
MD5; 253a6cd45b2e258633aed2d47d63a6e3
Matched: *removewat*
-----------------------
F:\NEW PROGRAMS\WINDOWS\RemoveWAT.2.2.5.Hazar.carter67.rar
Size: 3949724 bytes
Creation; 3/8/2011 10:43:17
Modification; 3/8/2011 10:43:51
MD5; 253a6cd45b2e258633aed2d47d63a6e3
Matched: *removewat*
-----------------------
F:\NEW PROGRAMS\WINDOWS\Windows.7.Anytime.Upgrade.Keygen.rar
Size: 46402 bytes
Creation; 23/10/2011 12:16:54
Modification; 23/10/2011 12:16:54
MD5; 82ab483b4a27be8cfb3ee9658fa0e8ee
Matched: The words 'windows' and 'keygen' in one sentence.
-----------------------
F:\NEW PROGRAMS\WINDOWS\Remove Win7 Not Genuine\RemoveWAT.exe
Size: 6663680 bytes
Creation; 3/8/2011 10:52:20
Modification; 3/8/2011 10:54:9
MD5; a5f0c80ff93cabb5ae41b6f74a0ed20a
Matched: *removewat*
-----------------------
F:\NEW PROGRAMS\WINDOWS\XP-VISTA WIN\Windows Vista Ultimate SP1 RUS-ENG x86-x64 -4in1- Activated (AIO (download torrent) - TPB.htm
Size: 30032 bytes
Creation; 10/5/2009 9:7:36
Modification; 10/5/2009 9:7:40
MD5; 8dafac7467c0d269d188fbe92017186b
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
F:\NEW PROGRAMS\WINDOWS\XP-VISTA WIN\Windows Vista Ultimate SP1 RUS-ENG x86-x64 -4in1- Activated (AIO (download torrent) - TPB.htm
Size: 30032 bytes
Creation; 10/5/2009 9:7:36
Modification; 10/5/2009 9:7:40
MD5; 8dafac7467c0d269d188fbe92017186b
Matched: The words 'Vista' and 'activated' in one sentence.
-----------------------
F:\NEW PROGRAMS\WINDOWS\XP-VISTA WIN\Windows_Vista_Ultimate_SP1_RUS-ENG_x86-x64_-4in1-_Activated_(AIO.4719161.TPB.torrent
Size: 21036 bytes
Creation; 10/5/2009 9:9:54
Modification; 10/5/2009 9:19:19
MD5; fc9069c6b9d449bf2a9ace24c4d53e56
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
F:\NEW PROGRAMS\WINDOWS\XP-VISTA WIN\Windows_Vista_Ultimate_SP1_RUS-ENG_x86-x64_-4in1-_Activated_(AIO.4719161.TPB.torrent
Size: 21036 bytes
Creation; 10/5/2009 9:9:54
Modification; 10/5/2009 9:19:19
MD5; fc9069c6b9d449bf2a9ace24c4d53e56
Matched: The words 'Vista' and 'activated' in one sentence.
-----------------------
F:\NEW PROGRAMS\WINDOWS\XP-VISTA WIN\Windows_Vista_Ultimate_SP1_RUS-ENG_x86-x64_-4in1-_Activated_(AIO.htm
Size: 27367 bytes
Creation; 10/5/2009 9:18:15
Modification; 10/5/2009 9:18:15
MD5; b3fdd14102e834a9eedeb2fc21f5e9c4
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
F:\NEW PROGRAMS\WINDOWS\XP-VISTA WIN\Windows_Vista_Ultimate_SP1_RUS-ENG_x86-x64_-4in1-_Activated_(AIO.htm
Size: 27367 bytes
Creation; 10/5/2009 9:18:15
Modification; 10/5/2009 9:18:15
MD5; b3fdd14102e834a9eedeb2fc21f5e9c4
Matched: The words 'Vista' and 'activated' in one sentence.
-----------------------
F:\NEW PROGRAMS\WINDOWS\XP-VISTA WIN\XPKey.exe
Size: 49152 bytes
Creation; 20/10/2011 22:11:56
Modification; 20/10/2011 22:11:56
MD5; 4345bb04307870d17c6f44893a81f85e
Matched: xpkey.exe
-----------------------
F:\Recov Data\GetDatabak\[NTFS]\Saved from C\PJMM\Recent\Windows Genuine Advantage Validation v1.9.9.1 (WGA) CRACKED.lnk
Size: 1445 bytes
Creation; 3/10/2010 12:48:12
Modification; 9/3/2010 0:50:54
MD5; 5f028c1d67bca23731314c24df3dfd00
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------
G:\DOCUMENTI di Pietro\LA MUSICA di Pietro\My Playlists 2\la lira d'espéria (jordi savall, 2002) [x] (Capitan Nemo)\La Lira d'Espéria - 01. Rotundellus, Cantiga 105.mp3
Size: 5383314 bytes
Creation; 26/3/2008 1:30:0
Modification; 27/2/2007 5:14:34
MD5; cb0d821e34ad285a03a89d495e939b13
Matched: *AntiGA*
-----------------------
G:\DOCUMENTI di Pietro\LA MUSICA di Pietro\PROGRAMS\windows_xp_pro_or_office-xp_keygen_computes_unique_cd-keys\XPKey.exe
Size: 49152 bytes
Creation; 24/1/2007 2:17:46
Modification; 24/1/2007 2:18:1
MD5; a004f12075ca2946995262346cc8131e
Matched: xpkey.exe
-----------------------
G:\DOCUMENTI di Pietro\LA MUSICA di Pietro\PROGRAMS\[ebook] (os) how to install xp service pack 1 on pirate xp pro (with key modifier) (713 TSB)\windows_xp_pro_or_office-xp_keygen_computes_unique_cd-keys\XPKey.exe
Size: 49152 bytes
Creation; 17/12/2006 16:11:9
Modification; 17/12/2006 15:52:6
MD5; a004f12075ca2946995262346cc8131e
Matched: xpkey.exe
-----------------------
G:\Important Programs\AVAgent\Windows xp (Sp1 an Sp2) unlidmited open download-crack-by kml.rar
Size: 5658 bytes
Creation; 11/4/2007 20:57:11
Modification; 11/4/2007 20:57:12
MD5; e7d21757f55f4585e54f3b289462b2b5
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------
G:\Important Programs\Programs\CRACK\Microsoft[1].Windows.Vista.FINAL.Crack.zip
Size: 165942 bytes
Creation; 14/6/2007 18:46:33
Modification; 14/6/2007 18:46:36
MD5; 566cb7fdfd6e3193d2822f7407e9a0c8
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------
G:\Important Programs\Programs\CRACK\Microsoft[1].Windows.Vista.RTM.Activation.Crack.zip
Size: 238924 bytes
Creation; 14/6/2007 18:52:50
Modification; 14/6/2007 18:52:55
MD5; 0e7e99446a13598da1fa27a7c55728c8
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------
G:\Important Programs\Programs\CRACK\Microsoft[1].Windows.Vista.RTM.PROPER.Activation.Crack.zip
Size: 171104 bytes
Creation; 14/6/2007 18:54:6
Modification; 14/6/2007 18:54:9
MD5; 37da76c510140f38d5a07be34b5225eb
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------
G:\Important Programs\Programs\CRACK\Windows[1].Vista.FINAL.Crack.raVen.zip
Size: 0 bytes
Creation; 14/6/2007 18:55:17
Modification; 14/6/2007 18:55:17
MD5; d41d8cd98f00b204e9800998ecf8427e
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------


WVCheck's Dir Dump
-----------------------
F:\NEW PROGRAMS\ALL WEB PAGES\17938-GUIDE-How-to-really-run-Windows-7-forever-without-applying-any-cracks_files
Size: 0 bytes
Creation; 11/11/2011 0:19:58
Modification; 11/11/2011 0:20:6
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------
F:\NEW PROGRAMS\ALL WEB PAGES\GUIDE How to really run Windows 7 forever without applying any cracks_files
Size: 0 bytes
Creation; 18/5/2012 22:58:49
Modification; 18/5/2012 22:58:49
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------
F:\NEW PROGRAMS\ALL WEB PAGES\Windows.7.Anytime.Upgrade.Keygen_files
Size: 0 bytes
Creation; 15/10/2011 23:34:34
Modification; 15/10/2011 23:34:35
Matched: The words 'windows' and 'keygen' in one sentence.
-----------------------
F:\NEW PROGRAMS\WINDOWS\Microsoft Windows XP Professional service pack 2 EXTREME PERFORMANCE +WGA\Windows Genuine Advantage Validation v1.9.9.1 (WGA) CRACKED
Size: 0 bytes
Creation; 3/10/2010 12:48:36
Modification; 29/3/2011 23:37:30
Matched: The words 'windows' and 'crack' in one sentence.
-----------------------
F:\NEW PROGRAMS\WINDOWS\XP-VISTA WIN\Windows Vista Ultimate SP1 RUS-ENG x86-x64 -4in1- Activated (AIO (download torrent) - TPB_files
Size: 0 bytes
Creation; 10/5/2009 9:7:38
Modification; 21/4/2011 23:2:29
Matched: The words 'activated' and 'windows' in one sentence.
-----------------------
F:\NEW PROGRAMS\WINDOWS\XP-VISTA WIN\Windows Vista Ultimate SP1 RUS-ENG x86-x64 -4in1- Activated (AIO (download torrent) - TPB_files
Size: 0 bytes
Creation; 10/5/2009 9:7:38
Modification; 21/4/2011 23:2:29
Matched: The words 'Vista' and 'activated' in one sentence.
-----------------------
G:\DOCUMENTI di Pietro\LA MUSICA di Pietro\PROGRAMS\windows_xp_pro_or_office-xp_keygen_computes_unique_cd-keys
Size: 0 bytes
Creation; 13/2/2007 17:43:50
Modification; 13/2/2007 17:43:50
Matched: The words 'windows' and 'keygen' in one sentence.
-----------------------
G:\DOCUMENTI di Pietro\LA MUSICA di Pietro\PROGRAMS\[ebook] (os) how to install xp service pack 1 on pirate xp pro (with key modifier) (713 TSB)\windows_xp_pro_or_office-xp_keygen_computes_unique_cd-keys
Size: 0 bytes
Creation; 17/12/2006 16:11:9
Modification; 17/12/2006 16:11:9
Matched: The words 'windows' and 'keygen' in one sentence.
-----------------------


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - f1dd3acaee5e6b4bbc69bc6df75cef66


-------- End of File, program close at 1336_09-08-2012 --------
-------------------------------------------------------------------------------



I want to attach some screen shot, but am not able to
  • 0

#51
CompCav
Posted 09 August 2012 - 10:28 AM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
The logs clearly show a cracked version of your software.

Hi,

The use of Keygens and Cracks inevitably leads to infection. Further, it is contrary to this sites Terms of Use. If you persist in their use you will no-longer receive help from this site in the future.

Go here to read Geekstogo Terms of Use and note in particular article 4 the items Illegal and Infringing of intellectual property rights (such as copyright and trademark rights).

While we understand that you may not have been aware, your copy of Windows is not legitimate. Unfortunately, we are unable to help you any further on this site, as we adhere to a strict policy of only helping people who have legitimate copies of Windows. Thank you for understanding.

Microsoft has a program for people who unknowingly receive counterfeit software:


Q:
What are the details of the genuine Windows offer?
A:

To help customers who unknowingly purchased a counterfeit version of Windows XP, Microsoft has created two genuine Windows offers for those who qualify:

* Complimentary offer: Microsoft will make a complimentary copy of Windows XP available to customers who have been sold counterfeit Windows. Customers will be required to submit a proof of purchase, the counterfeit CD, and a counterfeit report with details of their purchase. Only high-quality counterfeit Windows will qualify for the complimentary offer.
* Electronic License Key Offer: Microsoft will offer an alternative for customers who find out via the WGA validation process that they are not running genuine Windows, but do not qualify for, or choose not to take advantage of, the complimentary offer. These customers will be able to license a Windows Genuine Advantage Kit for Windows XP directly from Microsoft for a special on-line purchase price. The Windows Genuine Advantage Kit for Windows XP will include a new 25-character Product Key and a Windows Product Key Update tool that will allow customers to convert their counterfeit copy to genuine Windows XP electronically.


Sorry,

CompCav
  • 0

#52
diinovo
Posted 09 August 2012 - 11:23 PM

diinovo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Dear CompCav,

I thoth that I had remoevd them all I will search again if there are more, I will follow you advice
Thank you for your help
  • 0

#53
CompCav
Posted 13 August 2012 - 01:46 PM

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP