Alrighty. Here are a the 3 logs. Will run scan tonight and post results tomorrow or late tonight. Nice Job Ron! Thanks!!
OTL logfile created on: 10/3/2012 8:13:00 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\JayLi\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: | Country: | Language: | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.93% Memory free
4.00 Gb Paging File | 2.97 Gb Available in Paging File | 74.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 15.27 Gb Free Space | 20.51% Space Free | Partition Type: NTFS
Computer Name: LISETTEMILLER | User Name: JayLi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/10/03 19:09:38 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\JayLi\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/12 08:40:34 | 000,417,792 | ---- | M] (SA International) -- C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe
PRC - [2011/10/12 08:38:38 | 000,077,824 | ---- | M] (SA International) -- C:\Windows\System32\SAiDownloaderVista.exe
PRC - [2011/10/12 08:28:36 | 000,065,536 | ---- | M] (SA International) -- C:\Windows\System32\SAiAdmin.exe
PRC - [2011/05/27 01:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2009/10/17 03:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/07/13 21:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007/12/19 15:58:32 | 000,086,016 | R--- | M] (SA International) -- C:\Windows\System32\SAiLicSvr.exe
========== Modules (No Company Name) ========== MOD - [2012/09/05 21:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/08/16 20:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/30 20:01:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/12 08:40:34 | 000,417,792 | ---- | M] (SA International) [Auto | Running] -- C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe -- (SAiDownloader)
SRV - [2011/10/12 08:38:38 | 000,077,824 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiDownloaderVista.exe -- (SAiDownloaderVista)
SRV - [2011/10/12 08:28:36 | 000,065,536 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiAdmin.exe -- (SAiAdmin)
SRV - [2011/05/27 01:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/10/17 03:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 09:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 15:58:32 | 000,086,016 | R--- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiLicSvr.exe -- (SAiLicSvr)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 05:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/27 07:05:08 | 000,041,896 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2011/03/18 09:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/18 09:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/17 03:41:16 | 000,450,248 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/10/14 09:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/10/14 09:29:48 | 000,035,448 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2009/10/12 21:15:28 | 000,305,168 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/12 21:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/?ocid=iehpIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 7C F6 9F DC A0 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...Box&FORM=IE8SRCIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/10/01 18:13:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/01 18:13:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/10/01 18:13:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/01 20:22:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/22 01:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012/09/30 11:23:15 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2012/09/30 11:23:15 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012/09/22 01:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 21:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/10/03 07:44:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35048641-5242-4676-B360-E7CF5876E6E2}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg:
Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg:
Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg:
Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg:
AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg:
AdobeCS5.5ServiceManager - hkey= - key= - File not found
MsConfig - StartUpReg:
APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg:
AVG_TRAY - hkey= - key= - File not found
MsConfig - StartUpReg:
Google Update - hkey= - key= - File not found
MsConfig - StartUpReg:
PWRISOVM.EXE - hkey= - key= - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg:
QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg:
SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg:
uTorrent - hkey= - key= - File not found
MsConfig - StartUpReg:
ZoneAlarm Client - hkey= - key= - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WRkrn - Driver
SafeBootNet: WRSVC - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS
http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2012/10/03 19:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/10/03 07:12:55 | 000,000,000 | ---D | C] -- C:\RegBack
[2012/10/03 07:12:55 | 000,000,000 | ---D | C] -- \RegBack
[2012/10/01 20:37:47 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/10/01 20:37:47 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/10/01 20:37:47 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/10/01 20:37:28 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/01 20:37:28 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/10/01 20:37:28 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Templates
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Start Menu
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\SendTo
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Recent
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\PrintHood
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\NetHood
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\My Documents
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Local Settings
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Cookies
[2012/10/01 20:29:33 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Application Data
[2012/10/01 20:28:58 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Adobe Flash Builder 4.5
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Videos
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Searches
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Saved Games
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Pictures
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Music
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Links
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Favorites
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Downloads
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Documents
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Desktop
[2012/10/01 20:28:56 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Contacts
[2012/10/01 20:28:56 | 000,000,000 | -H-D | C] -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/10/01 20:28:56 | 000,000,000 | -H-D | C] -- C:\Users\JayLi\AppData
[2012/10/01 20:23:34 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/01 20:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/01 20:23:33 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/01 20:23:27 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/10/01 20:23:24 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/01 20:23:21 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/01 20:23:11 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/01 20:22:17 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/01 20:22:16 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/01 20:13:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\MFAData
[2012/09/30 11:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/09/30 11:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/09/30 11:23:15 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012/09/30 11:23:15 | 000,000,000 | ---D | C] -- \Mozilla
[2012/09/30 11:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentControl_v2
[2012/09/30 11:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/09/30 11:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/09/30 10:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/30 04:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/09/30 04:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/30 02:02:14 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2012/09/30 02:02:14 | 000,000,000 | ---D | C] -- \RRTVAULT
[2012/09/25 21:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/24 19:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/24 19:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/24 19:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/24 19:07:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/09/24 19:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/09/24 19:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/24 19:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/24 19:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/24 16:41:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/24 16:35:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/24 16:35:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/24 16:35:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/24 16:35:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/24 16:35:05 | 000,000,000 | ---D | C] -- \Qoobox
[2012/09/24 16:34:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/24 13:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/24 13:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/24 13:11:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/24 13:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/24 11:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/24 11:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/23 19:55:20 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2012/09/23 19:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vinyl Express LXi
[2012/09/23 19:52:12 | 000,086,016 | R--- | C] (SA International) -- C:\Windows\System32\SAiLicSvr.exe
[2012/09/23 19:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2012/09/23 19:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SignWarehouse
[2012/09/23 19:48:43 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012/09/23 19:48:43 | 000,077,824 | ---- | C] (SA International) -- C:\Windows\System32\SAiDownloaderVista.exe
[2012/09/23 19:48:43 | 000,065,536 | ---- | C] (SA International) -- C:\Windows\System32\SAiAdmin.exe
[2012/09/23 19:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SAi
[2012/09/23 19:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\SignWarehouse
[2012/09/23 19:47:05 | 000,014,336 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\HotFldrUI.dll
[2012/09/22 01:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/22 01:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/22 01:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/21 17:09:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%
[2012/09/17 18:58:56 | 000,051,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/16 13:40:17 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/09/16 13:40:17 | 000,000,000 | ---D | C] -- \Recovery
[2012/09/16 13:35:02 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/09/16 12:59:49 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2012/09/14 05:34:34 | 000,089,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/09/12 11:47:22 | 000,164,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/05 19:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012/09/05 19:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2012/09/05 17:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Minnetonka Audio Software
[2012/09/05 17:07:00 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/09/05 17:07:00 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/09/05 17:06:48 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/09/05 17:06:48 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/09/05 16:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky SDK
[2012/09/05 16:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2012/09/05 16:46:07 | 000,072,584 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\zllsputility.exe
[2012/09/05 16:46:05 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\kl1.sys
[2012/09/05 16:46:03 | 000,305,168 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/09/05 16:45:46 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll
[2012/09/05 16:45:45 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll
[2012/09/05 16:45:44 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll
[2012/09/05 16:45:38 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll
[2012/09/05 16:45:38 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll
[2012/09/05 16:45:38 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll
[2012/09/05 16:45:37 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll
[2012/09/05 16:45:37 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll
[2012/09/05 16:45:36 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll
[2012/09/05 16:45:26 | 000,450,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[2012/09/05 16:45:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2012/09/05 16:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2012/09/05 16:44:59 | 000,620,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll
[2012/09/05 16:44:59 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll
[2012/09/05 16:44:59 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012/09/05 16:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/09/05 16:16:42 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/05 16:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
========== Files - Modified Within 30 Days ========== [2012/10/03 20:02:15 | 000,016,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 20:02:15 | 000,016,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 17:06:38 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/03 17:06:38 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/03 17:01:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/03 17:01:49 | 1609,015,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/03 07:44:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/02 16:29:25 | 000,001,407 | ---- | M] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/01 20:41:14 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/01 20:41:14 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/01 20:36:37 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/10/01 20:36:31 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/10/01 20:36:31 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/01 20:36:30 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/10/01 20:36:28 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/10/01 20:36:28 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/10/01 20:29:36 | 000,001,382 | RHS- | M] () -- C:\Users\JayLi\ntuser.pol
[2012/10/01 20:23:34 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/01 20:23:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/30 02:02:14 | 000,004,131 | ---- | M] () -- C:\ProgramData\ihfeumzb.qzk
[2012/09/24 17:08:36 | 216,684,254 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/24 17:07:20 | 000,000,971 | ---- | M] () -- C:\Windows\System32\userawacs.cfg
[2012/09/24 16:40:06 | 000,000,144 | ---- | M] () -- C:\Windows\System32\pdfl.dat
[2012/09/24 16:15:34 | 000,000,726 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/09/24 13:11:32 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/24 11:59:56 | 000,000,110 | ---- | M] () -- C:\Windows\System32\usergui.cfg
[2012/09/23 19:56:06 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\VE LXi Expert 10.5.lnk
[2012/09/23 19:56:06 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Production Manager 10.5.lnk
[2012/09/23 19:45:16 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012/09/22 01:46:38 | 000,001,485 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/09/22 01:28:39 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/16 13:39:50 | 000,040,251 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/09/16 12:59:59 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2012/09/14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/09/12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/09 23:37:00 | 000,000,139 | ---- | M] () -- C:\Windows\System32\devnum.vbs
[2012/09/08 20:54:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\netwin.bat
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/05 19:26:57 | 000,002,162 | ---- | M] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Video Converter Ultimate 6.lnk
[2012/09/05 19:26:57 | 000,002,138 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate 6.lnk
[2012/09/05 18:03:10 | 000,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2012/09/05 18:03:09 | 000,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2012/09/05 18:03:09 | 000,000,205 | ---- | M] () -- C:\Windows\System32\lsprst7.dll
[2012/09/05 18:03:09 | 000,000,073 | ---- | M] () -- C:\Windows\System32\ssprs.dll
[2012/09/05 18:03:09 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2012/09/05 17:53:17 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.tgz
[2012/09/05 17:53:17 | 000,001,025 | ---- | M] () -- C:\Windows\System32\sysprs7.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth2.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | M] () -- C:\Windows\System32\clauth1.dll
[2012/09/05 16:17:23 | 000,000,144 | ---- | M] () -- C:\Windows\System32\lkfl.dat
[2012/09/05 16:17:23 | 000,000,080 | ---- | M] () -- C:\Windows\System32\ibfl.dat
========== Files Created - No Company Name ========== [2012/10/01 20:29:02 | 000,002,162 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Xilisoft Video Converter Ultimate 6.lnk
[2012/10/01 20:29:02 | 000,001,407 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/01 20:29:02 | 000,000,290 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/10/01 20:29:02 | 000,000,272 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/10/01 20:28:56 | 000,001,382 | RHS- | C] () -- C:\Users\JayLi\ntuser.pol
[2012/10/01 20:23:34 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/30 02:02:14 | 000,004,131 | ---- | C] () -- C:\ProgramData\ihfeumzb.qzk
[2012/09/24 16:41:42 | 216,684,254 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/24 16:35:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/24 16:35:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/24 16:35:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/24 16:35:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/24 16:35:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/24 13:11:32 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/24 11:59:56 | 000,000,971 | ---- | C] () -- C:\Windows\System32\userawacs.cfg
[2012/09/24 11:59:56 | 000,000,110 | ---- | C] () -- C:\Windows\System32\usergui.cfg
[2012/09/23 19:55:20 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\VE LXi Expert 10.5.lnk
[2012/09/23 19:55:20 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Production Manager 10.5.lnk
[2012/09/23 19:45:16 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012/09/22 01:28:39 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/22 01:28:39 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/16 13:06:08 | 000,000,139 | ---- | C] () -- C:\Windows\System32\devnum.vbs
[2012/09/08 21:28:16 | 000,000,027 | ---- | C] () -- C:\Windows\System32\netwin.bat
[2012/09/08 19:04:43 | 000,000,726 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/05 19:26:57 | 000,002,138 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft Video Converter Ultimate 6.lnk
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.tgz
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2012/09/05 17:53:17 | 000,000,219 | ---- | C] () -- C:\Windows\System32\lsprst7.tgz
[2012/09/05 17:53:17 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2012/09/05 17:53:17 | 000,000,087 | ---- | C] () -- C:\Windows\System32\ssprs.tgz
[2012/09/05 17:53:17 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2012/09/05 17:53:17 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/09/05 16:45:26 | 000,001,485 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/09/05 16:17:23 | 000,000,144 | ---- | C] () -- C:\Windows\System32\pdfl.dat
[2012/09/05 16:17:23 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat
[2012/09/05 16:17:23 | 000,000,080 | ---- | C] () -- C:\Windows\System32\ibfl.dat
[2012/08/29 22:00:03 | 1609,015,296 | -HS- | C] () -- \hiberfil.sys
========== ZeroAccess Check ========== [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 21:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ========== ========== Drive Information ========== Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: FUJITSU MHZ2080BH G2 ATA Device
Partitions: 2
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 74.00GB
Starting Offset: 105906176
Hidden sectors: 0
< %SYSTEMDRIVE%\*.exe > < %systemroot%\assembly\GAC_32\*.ini > < %systemroot%\assembly\GAC_64\*.ini > < %SYSTEMDRIVE%\*.exe > < %ALLUSERSPROFILE%\Application Data\*.exe >Invalid Environment Variable: APPDATA
< MD5 for: ATAPI.SYS >[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: CSRSS.EXE >[2009/07/13 21:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 21:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe
< MD5 for: EXPLORER.EXE >[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\erdnt\cache\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2008/04/29 11:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe
< MD5 for: MSWSOCK.DLL >[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\erdnt\cache\mswsock.dll
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\System32\mswsock.dll
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
< MD5 for: NAPINSP.DLL >[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
< MD5 for: NLAAPI.DLL >[2009/07/13 21:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\System32\nlaapi.dll
[2009/07/13 21:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
< MD5 for: PNRPNSP.DLL >[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll
< MD5 for: PRINTISOLATIONHOST.EXE >[2009/07/13 21:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 21:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe
< MD5 for: SERVICES.EXE >[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SVCHOST.EXE >[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2008/07/01 09:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe
< MD5 for: USER32.DLL >[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\erdnt\cache\user32.dll
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
< MD5 for: USERINIT.EXE >[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\erdnt\cache\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2008/07/01 09:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\winlogon.exe
< MD5 for: WINRNR.DLL >[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll
< MD5 for: WSHELPER.DLL >[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll
< C:\Windows\assembly\tmp\U\*.* /s > < %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 21:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 21:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/07/13 21:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemdrive%\$Recycle.Bin|@;true;true;true /fp > ========== Alternate Data Streams ========== @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >
OTL Extras logfile created on: 10/3/2012 8:13:00 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\JayLi\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: | Country: | Language: | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.93% Memory free
4.00 Gb Paging File | 2.97 Gb Available in Paging File | 74.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 15.27 Gb Free Space | 20.51% Space Free | Partition Type: NTFS
Computer Name: LISETTEMILLER | User Name: JayLi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Unable to open value key
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" [2012/08/29 23:04:18 | 000,000,000 | ---D | M]
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B93E784D-2F82-4350-9B81-4904E8B8DDFC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08CF767A-8D16-42CE-BB7C-9BFFE7B59EE7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2A390C2E-A46A-4689-A84F-79C9D85A97FB}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{30D0DE62-E4D2-47DC-9F0F-DAD2DF64E98A}" = dir=out | app=%programfiles%\zone labs\zonealarm\zlclient.exe |
"{400C0E6E-A22D-4114-94E8-04A689EB30BC}" = dir=out | app=%programfiles%\zone labs\zonealarm\zonealarm.exe |
"{4D9FA906-42E6-4F4F-A1E6-CA63BF2C6D67}" = protocol=17 | dir=in | app=c:\windows\system32\sailicsvr.exe |
"{506865DC-2E44-4CBD-9CC1-3B1222345D78}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5DD8A96E-F8BB-4685-BF69-4E71B2125B08}" = protocol=6 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app2.exe |
"{769D4FBF-112A-49DB-9054-F16B6791DD9E}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{81C9D12B-25A8-4D5F-8E4D-C3BC550F0478}" = protocol=6 | dir=in | app=c:\windows\system32\sailicsvr.exe |
"{88DADF8B-22F9-4FB6-8800-549F87B89DC1}" = protocol=17 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app.exe |
"{89AAA4C1-4044-40E8-9035-F971E7E114FA}" = protocol=17 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app2.exe |
"{8EFDCD72-5A1F-43C1-80C0-2414995A3A19}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{981B7D4B-262A-4D22-AC14-D2C34B519586}" = protocol=6 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\tftp_client.exe |
"{9ABD715E-684E-4243-89A9-7A65E18F9230}" = protocol=17 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\tftp_client.exe |
"{A3C74FFA-1BBB-4038-A454-7820203C6B1A}" = dir=out | svc=wuauserv | app=%programfiles%\zone labs\zonealarm\zlclient.exe |
"{A7E19000-9844-43AC-A8BE-59C803B30F97}" = protocol=6 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app.exe |
"{BFD0D470-C0A4-45CF-9236-F13AAA135BAF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D50B6F32-0FD7-49C8-B93F-EEE6F7E3644D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EE374E42-04D3-40AC-87FF-39DBB8A2F661}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F31532A-16F1-4812-8B7B-D321A4CE91A6}" = Sony Vegas Pro 8.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2C0E2B08-0991-43DF-9515-77FA4C5A9DD2}" = Adobe Setup
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{38B62043-14E7-4BF2-911B-DFC8F04CA169}" = Vinyl Express LXi
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC14A37-586A-4AB3-A458-874AAE29337C}" = Adobe Setup
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7444785E-886F-4989-A69E-6394E36F3982}" = Sentinel Protection Installer 7.6.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9EA5CC76-8B4D-407B-87F4-DB052978D8A7}" = Adobe Setup
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9307988-3EA8-415E-A91E-0EB1FBF439DA}" = Adobe After Effects CS4 Third Party Content
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B5FCBF46-D2DA-455C-8AB1-148181AEBA14}" = Adobe After Effects CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7E3FF32-7E00-4703-9C34-5777C08A56AA}" = Toon Boom Studio 4.5
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D45B21D2-1ABA-46C4-A226-722DC28EAAC4}" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E528A747-DC66-4FD4-AB53-110D024561CC}" = Adobe Premiere Pro CS4
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_0b36ff97a89684768f1da4defc9f237" = Adobe Encore CS4 Codecs
"Adobe_15f4da9bfad48542a17f089e7c5e0ab" = Adobe After Effects CS4 Third Party Content
"Adobe_1b5a11fde44351ae0f4c7fd0e4daadc" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"Revo Uninstaller" = Revo Uninstaller 1.94
"Sawer" = Sawer
"Toxic Biohazard" = Toxic Biohazard
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"WM Recorder 14" = WM Recorder 14
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security
========== Last 20 Event Log Errors ========== [ Application Events ]
Error - 10/3/2012 1:26:22 PM | Computer Name = LisetteMiller | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 10/3/2012 3:42:47 PM | Computer Name = LisetteMiller | Source = Application Error | ID = 1000
Description = Faulting application name: unhide.exe, version: 1.9.0.0, time stamp:
0x4f882799 Faulting module name: unhide.exe, version: 1.9.0.0, time stamp: 0x4f882799
Exception
code: 0xc0000005 Fault offset: 0x000131d3 Faulting process id: 0x994 Faulting application
start time: 0x01cda19f42753fec Faulting application path: C:\Users\JayLi\Downloads\unhide.exe
Faulting
module path: C:\Users\JayLi\Downloads\unhide.exe Report Id: 8173b3c8-0d92-11e2-be1c-001a6bf9aff0
Error - 10/3/2012 3:43:11 PM | Computer Name = LisetteMiller | Source = Application Error | ID = 1000
Description = Faulting application name: unhide.exe, version: 1.9.0.0, time stamp:
0x4f882799 Faulting module name: unhide.exe, version: 1.9.0.0, time stamp: 0x4f882799
Exception
code: 0xc0000005 Fault offset: 0x000131d3 Faulting process id: 0xaa8 Faulting application
start time: 0x01cda19f4272cee3 Faulting application path: C:\Users\JayLi\Downloads\unhide.exe
Faulting
module path: C:\Users\JayLi\Downloads\unhide.exe Report Id: 8f9a3182-0d92-11e2-be1c-001a6bf9aff0
Error - 10/3/2012 3:44:00 PM | Computer Name = LisetteMiller | Source = Application Error | ID = 1000
Description = Faulting application name: unhide.exe, version: 1.9.0.0, time stamp:
0x4f882799 Faulting module name: unhide.exe, version: 1.9.0.0, time stamp: 0x4f882799
Exception
code: 0xc0000005 Fault offset: 0x000131d3 Faulting process id: 0x758 Faulting application
start time: 0x01cda19f6f47727e Faulting application path: C:\Users\JayLi\Downloads\unhide.exe
Faulting
module path: C:\Users\JayLi\Downloads\unhide.exe Report Id: ad5ede58-0d92-11e2-be1c-001a6bf9aff0
Error - 10/3/2012 3:44:21 PM | Computer Name = LisetteMiller | Source = Application Error | ID = 1000
Description = Faulting application name: unhide.exe, version: 1.9.0.0, time stamp:
0x4f882799 Faulting module name: unhide.exe, version: 1.9.0.0, time stamp: 0x4f882799
Exception
code: 0xc0000005 Fault offset: 0x000131d3 Faulting process id: 0xd98 Faulting application
start time: 0x01cda19f6f45ebd9 Faulting application path: C:\Users\JayLi\Downloads\unhide.exe
Faulting
module path: C:\Users\JayLi\Downloads\unhide.exe Report Id: b9c9e9f4-0d92-11e2-be1c-001a6bf9aff0
Error - 10/3/2012 4:30:42 PM | Computer Name = LisetteMiller | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 10/3/2012 4:48:23 PM | Computer Name = LisetteMiller | Source = VSS | ID = 8194
Description =
Error - 10/3/2012 4:53:52 PM | Computer Name = LisetteMiller | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 10/3/2012 4:55:57 PM | Computer Name = LisetteMiller | Source = VSS | ID = 8194
Description =
Error - 10/3/2012 5:02:12 PM | Computer Name = LisetteMiller | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
[ System Events ]
Error - 10/2/2012 4:49:35 PM | Computer Name = LisetteMiller | Source = DCOM | ID = 10005
Description =
Error - 10/2/2012 4:49:35 PM | Computer Name = LisetteMiller | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).
Error - 10/2/2012 4:49:35 PM | Computer Name = LisetteMiller | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069
Error - 10/2/2012 11:16:06 PM | Computer Name = LisetteMiller | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.
Error - 10/3/2012 2:58:11 AM | Computer Name = LisetteMiller | Source = DCOM | ID = 10010
Description =
Error - 10/3/2012 2:58:44 AM | Computer Name = LisetteMiller | Source = DCOM | ID = 10010
Description =
Error - 10/3/2012 7:44:34 AM | Computer Name = LisetteMiller | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.
[ Windows PowerShell Events ]
Error - 9/21/2012 5:10:41 PM | Computer Name = LisetteMiller | Source = PowerShell | ID = 103
Description =
Error - 9/21/2012 8:10:15 PM | Computer Name = LisetteMiller | Source = PowerShell | ID = 103
Description =
< End of report >
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 66.48 0 K 24 K
procexp.exe 1072 5.85 17,000 K 29,884 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a 3.76 0 K 0 K Hardware Interrupts and DPCs
System 4 1.13 120 K 30,996 K
firefox.exe 2060 3.05 116,508 K 143,416 K Firefox Mozilla Corporation
csrss.exe 564 2.27 1,696 K 7,204 K Client Server Runtime Process Microsoft Corporation
SAiDownloaderVistaUI.exe 1156 1.37 1,268 K 4,060 K SAi Downloader UI SA International
SAiDownloaderVista.exe 1324 1.35 2,388 K 4,012 K SAi Downloader SA International
svchost.exe 2004 0.58 21,124 K 15,836 K Host Process for Windows Services Microsoft Corporation
sntlkeyssrvr.exe 2088 0.46 1,880 K 3,140 K SafeNet, Inc.
svchost.exe 904 0.30 2,768 K 4,804 K Host Process for Windows Services Microsoft Corporation
explorer.exe 3488 0.26 40,372 K 49,868 K Windows Explorer Microsoft Corporation
AvastSvc.exe 1784 0.23 27,516 K 3,364 K avast! Service AVAST Software
AvastUI.exe 2856 0.16 10,920 K 5,476 K avast! Antivirus AVAST Software
SearchIndexer.exe 2144 0.08 54,268 K 45,640 K Microsoft Windows Search Indexer Microsoft Corporation
svchost.exe 1412 0.08 14,944 K 15,660 K Host Process for Windows Services Microsoft Corporation
mbamservice.exe 696 0.07 115,356 K 45,948 K Malwarebytes Anti-Malware Malwarebytes Corporation
svchost.exe 1080 0.06 18,844 K 22,348 K Host Process for Windows Services Microsoft Corporation
vsmon.exe 1496 0.05 20,892 K 16,696 K TrueVector Service Check Point Software Technologies LTD
csrss.exe 504 0.11 1,360 K 2,884 K Client Server Runtime Process Microsoft Corporation
svchost.exe 1252 0.03 6,728 K 9,268 K Host Process for Windows Services Microsoft Corporation
mbamgui.exe 2860 0.03 3,236 K 6,752 K Malwarebytes Anti-Malware Malwarebytes Corporation
wmpnetwk.exe 3252 0.01 3,772 K 2,944 K Windows Media Player Network Sharing Service Microsoft Corporation
WUDFHost.exe 1356 1,096 K 2,448 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
WmiPrvSE.exe 2664 2,144 K 4,800 K WMI Provider Host Microsoft Corporation
winlogon.exe 648 1,672 K 3,612 K Windows Logon Application Microsoft Corporation
wininit.exe 552 932 K 2,692 K Windows Start-Up Application Microsoft Corporation
taskhost.exe 2680 2,444 K 4,760 K Host Process for Windows Tasks Microsoft Corporation
svchost.exe 1048 73,468 K 72,048 K Host Process for Windows Services Microsoft Corporation
svchost.exe 812 2,680 K 5,444 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2844 1,292 K 3,192 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2988 1,476 K 3,852 K Host Process for Windows Services Microsoft Corporation
svchost.exe 972 16,896 K 12,392 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1960 4,696 K 7,768 K Host Process for Windows Services Microsoft Corporation
sppsvc.exe 2120 2,448 K 5,964 K Microsoft Software Protection Platform Service Microsoft Corporation
spoolsv.exe 1920 4,860 K 6,336 K Spooler SubSystem App Microsoft Corporation
smss.exe 420 272 K 676 K Windows Session Manager Microsoft Corporation
services.exe 612 4,244 K 5,712 K Services and Controller app Microsoft Corporation
SAiLicSvr.exe 1448 1,420 K 3,616 K License Server SA International
SAiAdmin.exe 832 880 K 2,864 K SAi Admin SA International
notepad.exe 2052 1,216 K 4,972 K Notepad Microsoft Corporation
notepad.exe 1528 1,608 K 5,376 K Notepad Microsoft Corporation
mbamscheduler.exe 508 1,772 K 3,304 K Malwarebytes Anti-Malware Malwarebytes Corporation
lsm.exe 668 1,404 K 2,644 K Local Session Manager Service Microsoft Corporation
lsass.exe 656 3,076 K 5,908 K Local Security Authority Process Microsoft Corporation
jusched.exe 3100 1,184 K 2,912 K Java Update Scheduler Sun Microsystems, Inc.
ISWSVC.exe 1812 3,496 K 2,492 K ZoneAlarm ForceField Check Point Software Technologies
GrooveMonitor.exe 3328 1,948 K 5,556 K GrooveMonitor Utility Microsoft Corporation
dwm.exe 3368 1,620 K 4,200 K Desktop Window Manager Microsoft Corporation
ctfmon.exe 4088 1,716 K 2,948 K CTF Loader Microsoft Corporation
conhost.exe 3408 1,324 K 4,784 K Console Window Host Microsoft Corporation
cmd.exe 2388 2,144 K 2,912 K Windows Command Processor Microsoft Corporation