Hijack.NoFolderOption System Infected HELP



#106
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
All we did was clear the event logs and reboot. The OTL was just a scan and shouldn't make any changes. Certainly nothing should have caused it not to boot. Stick in your disk and tell it to repair it.
  • 0


#107
Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
The Startup Repair is running. I tried to cancel it, but the PC says "the current repair cannot be cancelled". Thanks.
  • 0

#108
Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
The startup repair finished and the PC started. Some of the icons were still missing, MSE needed to be updated and the VEW program and log that I just downloaded for this process were missing. I had to update my code for my internet. I updated MSE, then the Windows installer for MS Office started. After that finished, the icons went missing again!! I put the Win 7 disk in, then rebooted F8. It found D drive, then I hit REPAIR. The system repair could not "find" whatever program it needed to repair from the DISK. I cancelled repair and rebooted again, now it's back to startup repair running again. Once this finishes, I'm going to restore it back to the time earlier that it was running perfectly. Should I use the OTL restore point that was created?? I am in total SHOCK right now. It was running perfectly.....
  • 0

#109
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Use any restore point that seems to work. You might try a disk check.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, then restart.
  • 0

#110
Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
I used the restore point that OTL created. Successful. Then I ran the Chkdsk. Seemed to work, because it ran, then started the computer. I then saw the desktop had hidden folders showing, like desktop.ini and ntuser.dat. I went to the folder options panel to hide the files again. I then updated MSE. My HD has gained a lot of space. It's at 57.6gb Free. Almost 20 gigs since I ran OTL and VEW. However, more problems:

My desktop folder icons have disappeared again. The only folders I can see are MS Office, Adobe, Recycle Bin and Backups.

I clicked on the desktop and a Setup Controller error came up. Then the MS 2007 installer started, but could not complete because of "ERROR 1706.setup cannot find required files. Looking for setup.chm".

On startup, the other User had errors too.

Computer Management is also missing.
I'm afraid to shut it down again.

Edited by Jayli, 06 November 2012 - 04:47 PM.

  • 0

#111
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Can you run VEW?
  • 0

#112
Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
VEW is not on the computer anymore. Neither is OTL. Disappeared.
  • 0

#113
Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
VEW Logs

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 06/11/2012 9:27:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/11/2012 1:55:14 AM
Type: Error Category: 0
Event: 59 Source: SideBySide
Activation context generation failed for "c:\program files\signwarehouse\vinyl express lxi\Program\HSPrinterUI.dll".Error in manifest or policy file "c:\program files\signwarehouse\vinyl express lxi\Program\HSPrinterUI.dll" on line 1. Invalid Xml syntax.

Log: 'Application' Date/Time: 07/11/2012 1:23:22 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 07/11/2012 12:28:05 AM
Type: Error Category: 3
Event: 215 Source: ESENT
WinMail (4544) WindowsMail1: The backup has been stopped because it was halted by the client or the connection with the client failed.

Log: 'Application' Date/Time: 06/11/2012 10:08:58 PM
Type: Error Category: 3
Event: 215 Source: ESENT
WinMail (3584) WindowsMail1: The backup has been stopped because it was halted by the client or the connection with the client failed.

Log: 'Application' Date/Time: 06/11/2012 10:08:56 PM
Type: Error Category: 3
Event: 7042 Source: Microsoft-Windows-Search
The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 06/11/2012 10:08:56 PM
Type: Error Category: 3
Event: 7040 Source: Microsoft-Windows-Search
The search service has detected corrupted data files in the index {id=4400}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 06/11/2012 10:08:56 PM
Type: Error Category: 3
Event: 7010 Source: Microsoft-Windows-Search
The index cannot be initialized.

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


Log: 'Application' Date/Time: 06/11/2012 10:08:56 PM
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.

Context: Windows Application

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


Log: 'Application' Date/Time: 06/11/2012 10:08:56 PM
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


Log: 'Application' Date/Time: 06/11/2012 10:08:56 PM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index data on disk is for the wrong version. (HRESULT : 0xc0041821) (0xc0041821)


Log: 'Application' Date/Time: 06/11/2012 10:08:56 PM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


Log: 'Application' Date/Time: 06/11/2012 10:08:56 PM
Type: Error Category: 1
Event: 7042 Source: Microsoft-Windows-Search
The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)


Log: 'Application' Date/Time: 06/11/2012 10:08:56 PM
Type: Error Category: 1
Event: 7040 Source: Microsoft-Windows-Search
The search service has detected corrupted data files in the index {id=2801}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)


Log: 'Application' Date/Time: 06/11/2012 10:08:50 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.7600.16385, time stamp: 0x4a5bcdd0 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722 Exception code: 0xc0000005 Fault offset: 0x00009b60 Faulting process id: 0xcd4 Faulting application start time: 0x01cdbc60d584b6cb Faulting application path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: 8ad35a29-285e-11e2-9b18-001a6bf9aff0

Log: 'Application' Date/Time: 06/11/2012 8:59:06 PM
Type: Error Category: 0
Event: 11706 Source: MsiInstaller
Product: Microsoft Office Enterprise 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.

Log: 'Application' Date/Time: 06/11/2012 8:54:51 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 06/11/2012 8:16:15 PM
Type: Error Category: 0
Event: 11706 Source: MsiInstaller
Product: Microsoft Office Enterprise 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.

Log: 'Application' Date/Time: 06/11/2012 8:11:20 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 06/11/2012 7:33:44 PM
Type: Error Category: 0
Event: 11706 Source: MsiInstaller
Product: Microsoft Office Enterprise 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.

Log: 'Application' Date/Time: 06/11/2012 7:32:28 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/11/2012 2:17:50 AM
Type: Information Category: 0
Event: 10001 Source: Microsoft-Windows-RestartManager
Ending session 0 started 2012-11-07T02:17:49.975548200Z.

Log: 'Application' Date/Time: 07/11/2012 2:17:49 AM
Type: Information Category: 0
Event: 10000 Source: Microsoft-Windows-RestartManager
Starting session 0 - 2012-11-07T02:17:49.975548200Z.

Log: 'Application' Date/Time: 07/11/2012 2:17:50 AM
Type: Information Category: 0
Event: 1042 Source: MsiInstaller
Ending a Windows Installer transaction: {90120000-0030-0000-0000-0000000FF1CE}. Client Process Id: 3528.

Log: 'Application' Date/Time: 07/11/2012 2:17:50 AM
Type: Information Category: 0
Event: 1035 Source: MsiInstaller
Windows Installer reconfigured the product. Product Name: Microsoft Office Enterprise 2007. Product Version: 12.0.6612.1000. Product Language: 0. Manufacturer: Microsoft Corporation. Reconfiguration success or error status: 1602.

Log: 'Application' Date/Time: 07/11/2012 2:17:50 AM
Type: Information Category: 0
Event: 11729 Source: MsiInstaller
Product: Microsoft Office Enterprise 2007 -- Configuration failed.

Log: 'Application' Date/Time: 07/11/2012 2:17:38 AM
Type: Information Category: 0
Event: 1040 Source: MsiInstaller
Beginning a Windows Installer transaction: {90120000-0030-0000-0000-0000000FF1CE}. Client Process Id: 3528.

Log: 'Application' Date/Time: 07/11/2012 2:08:55 AM
Type: Information Category: 0
Event: 9003 Source: Desktop Window Manager
The Desktop Window Manager was unable to start because a composited theme is not in use

Log: 'Application' Date/Time: 07/11/2012 2:08:55 AM
Type: Information Category: 0
Event: 1003 Source: Microsoft-Windows-Security-SPP
The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status=



Log: 'Application' Date/Time: 07/11/2012 2:08:54 AM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 07/11/2012 2:08:54 AM
Type: Information Category: 0
Event: 4101 Source: Microsoft-Windows-Winlogon
Windows license validated.

Log: 'Application' Date/Time: 07/11/2012 2:07:18 AM
Type: Information Category: 0
Event: 258 Source: Microsoft-Windows-Defrag
The disk defragmenter successfully completed boot optimization on (C:)

Log: 'Application' Date/Time: 07/11/2012 2:01:54 AM
Type: Information Category: 0
Event: 8224 Source: VSS
The VSS service is shutting down due to idle timeout.

Log: 'Application' Date/Time: 07/11/2012 1:52:00 AM
Type: Information Category: 0
Event: 258 Source: Microsoft-Windows-Defrag
The disk defragmenter successfully completed defragmentation on System Reserved

Log: 'Application' Date/Time: 07/11/2012 1:31:52 AM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket , type 0 Event Name: StartupRepairOnline Response: Not available Cab Id: 0 Problem signature: P1: 6.1.7600.16385 P2: 6.1.7600.16385 P3: Dell Inc. P4: 3 P5: 0 P6: AutoFailover P7: 1 P8: CorruptFile P9: P10: Attached files: These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Critical_6.1.7600.16385_b1be75c2e2946c77f91b91631b339f5e1494ab8_0b3d9e51 Analysis symbol: Rechecking for solution: 0 Report Id: e7c09405-287a-11e2-9aac-001a6bf9aff0 Report Status: 6

Log: 'Application' Date/Time: 07/11/2012 1:26:13 AM
Type: Information Category: 0
Event: 1000 Source: Microsoft-Windows-LoadPerf
Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully. The Record Data in the data section contains the new index values assigned to this service.

Log: 'Application' Date/Time: 07/11/2012 1:26:13 AM
Type: Information Category: 0
Event: 1001 Source: Microsoft-Windows-LoadPerf
Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully. The Record Data contains the new values of the system Last Counter and Last Help registry entries.

Log: 'Application' Date/Time: 07/11/2012 1:24:03 AM
Type: Information Category: 0
Event: 902 Source: Microsoft-Windows-Security-SPP
The Software Protection service has started. 6.1.7601.17514

Log: 'Application' Date/Time: 07/11/2012 1:24:03 AM
Type: Information Category: 0
Event: 1003 Source: Microsoft-Windows-Security-SPP
The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status=



Log: 'Application' Date/Time: 07/11/2012 1:24:03 AM
Type: Information Category: 0
Event: 1033 Source: Microsoft-Windows-Security-SPP
These policies are being excluded since they are only defined with override-only attribute. Policy Names=(IIS-W3SVC-MaxConcurrentRequests) (Microsoft.Windows.Smc-Enabled) (Telnet-Client-EnableTelnetClient) (Telnet-Server-EnableTelnetServer) (TiffIFilterLicensing-EnableTiffIFilter) (nfs-admincmdtools-enabled) (nfs-adminmmc-enabled) (nfs-clientcmdtools-enabled) (nfs-clientcore-enabled) (sua-EnableSUA) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=7cfd4696-69a9-4af7-af36-ff3d12b6b6c8

Log: 'Application' Date/Time: 07/11/2012 1:24:02 AM
Type: Information Category: 0
Event: 1066 Source: Microsoft-Windows-Security-SPP
Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000


```````````````````````

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 06/11/2012 9:23:50 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/11/2012 1:21:29 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 7:23:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 6:12:16 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/11/2012 2:23:00 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 07/11/2012 2:23:00 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 07/11/2012 2:23:00 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 07/11/2012 2:23:00 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 07/11/2012 1:57:59 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Log: 'System' Date/Time: 07/11/2012 1:32:58 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 07/11/2012 1:32:58 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 07/11/2012 1:32:58 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 07/11/2012 1:32:58 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 07/11/2012 1:27:57 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Log: 'System' Date/Time: 07/11/2012 1:22:57 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 07/11/2012 1:22:57 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 07/11/2012 1:22:57 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 07/11/2012 1:22:57 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft....5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved

Log: 'System' Date/Time: 07/11/2012 1:22:57 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Log: 'System' Date/Time: 07/11/2012 1:21:44 AM
Type: Error Category: 0
Event: 2004 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

Log: 'System' Date/Time: 07/11/2012 12:35:24 AM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 07/11/2012 12:35:24 AM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 07/11/2012 12:27:55 AM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 07/11/2012 12:27:54 AM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/11/2012 1:21:37 AM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 07/11/2012 1:21:37 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 07/11/2012 12:35:25 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 06/11/2012 8:53:12 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 06/11/2012 8:53:08 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 06/11/2012 8:19:55 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 06/11/2012 8:09:37 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 06/11/2012 8:09:33 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 06/11/2012 7:35:12 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 06/11/2012 7:30:41 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 06/11/2012 7:30:39 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\HidUsb failed to load for the device USB\VID_15D9&PID_0A4C\5&1e4dd1e8&0&2.

Log: 'System' Date/Time: 06/11/2012 7:30:39 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\BTHUSB failed to load for the device USB\VID_413C&PID_8140\5&685dc69&0&2.

Log: 'System' Date/Time: 06/11/2012 7:30:38 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 06/11/2012 7:30:08 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 06/11/2012 7:23:30 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 06/11/2012 7:23:26 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 06/11/2012 6:33:56 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 06/11/2012 6:18:22 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 06/11/2012 6:18:22 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 06/11/2012 6:17:52 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
  • 0
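The event-log export pasted above repeats a handful of events many times, which makes the few distinct problems hard to see. The following added example (not part of the original post, and not code from any tool used in this thread) groups such records by source and event ID and pulls out any 0x error codes; the function names are hypothetical, the record layout and day/month/year date order are assumed from the entries shown, and the sample is abridged from them.

```python
import re
from datetime import datetime

# Sample abridged from entries pasted in the thread (some messages shortened).
SAMPLE = r"""Log: 'System' Date/Time: 07/11/2012 1:22:57 AM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x8024402c

Log: 'System' Date/Time: 07/11/2012 1:21:44 AM
Type: Error Category: 0
Event: 2004 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to load signatures. Error Code: 0x80070002

Log: 'System' Date/Time: 07/11/2012 12:35:24 AM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

Log: 'System' Date/Time: 07/11/2012 12:27:55 AM
Type: Error Category: 0
Event: 1012 Source: Microsoft-Windows-DNS-Client
There was an error while attempting to read the local hosts file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/11/2012 1:21:37 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 06/11/2012 8:53:12 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.
"""

DATE_FORMAT = "%d/%m/%Y %I:%M:%S %p"  # assumption: day/month/year, 12-hour clock
HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
HRESULT = re.compile(r"\b0x[0-9A-Fa-f]{8}\b")


def parse_vew(text, date_format=DATE_FORMAT):
    """Parse the pasted export into records; a record cut off before its
    Type or Event line (a truncated paste) is dropped rather than guessed."""
    records, cur = [], None

    def flush():
        nonlocal cur
        if cur and cur["type"] and cur["event"] is not None:
            cur["message"] = " ".join(cur["message"])
            records.append(cur)
        cur = None

    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            flush()
            cur = {"log": m["log"],
                   "time": datetime.strptime(m["ts"].strip(), date_format),
                   "type": None, "event": None, "source": None, "message": []}
        elif cur is None:
            continue                      # separators and headings between records
        elif not line:
            flush()                       # a blank line ends the record
        elif cur["type"] is None and (m := TYPE.match(line)):
            cur["type"] = m["type"]
        elif cur["event"] is None and (m := EVENT.match(line)):
            cur["event"], cur["source"] = int(m["id"]), m["source"].strip()
        else:
            cur["message"].append(line)   # message text, possibly several lines
    flush()
    return records


def summarize(records):
    """Group by (source, event ID): count, first/last time seen, error codes."""
    groups = {}
    for r in records:
        g = groups.setdefault((r["source"], r["event"]), {
            "source": r["source"], "event": r["event"], "type": r["type"],
            "count": 0, "first": r["time"], "last": r["time"],
            "codes": set(), "example": r["message"]})
        g["count"] += 1
        g["first"] = min(g["first"], r["time"])
        g["last"] = max(g["last"], r["time"])
        g["codes"].update(c.lower() for c in HRESULT.findall(r["message"]))
    ordered = sorted(groups.values(),
                     key=lambda g: (-g["count"], g["source"], g["event"]))
    for g in ordered:
        g["codes"] = sorted(g["codes"])
    return ordered


if __name__ == "__main__":
    for g in summarize(parse_vew(SAMPLE)):
        print(f'{g["count"]:>3}x {g["type"]:<8} {g["source"]} / {g["event"]} '
              f'{g["first"]:%d %b %H:%M} to {g["last"]:%d %b %H:%M} '
              f'{" ".join(g["codes"])}\n     {g["example"][:90]}')
```

Run over the full paste, the grouped output puts the repeated hosts-file read errors and driver-load warnings on one line each, with the time span over which they recurred.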

#114
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Corruption is usually caused by a bad hard drive or bad RAM but I thought we had checked for that.

I would turn off Windows Search since it's not working right:

Right click on Computer and select Manage (continue) then Services and Applications then Services. Find Windows Search and right click on it and select Properties. Change the Startup type: to Disabled. Then Apply. Stop the service.

Do you have CCleaner?

Does Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

complete without complaining?
  • 0

#115
Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Yes, HD, Memory, etc. was tested a few times. 100% Good.

Windows Search stopped and disabled.

Ran sfc /scannow and found no integrity violations.

Yes, I still have CCleaner. Anything I should or shouldn't delete?

My desktop folders remain until 5-10 minutes, then disappear. I've been watching and I see the HD light start blinking, then poof they're gone. I looked at Task Mgr and see stuff like Cmd.exe running, GrooveMonitor, msseces.exe, dwm.exe.

Also, I made a Win7 repair disk after I repaired it. ( A few days ago). I inserted it, then rebooted with F8. When the Repair screen comes up, I see a CMD prompt with X:\windows\system32 in the lower left hand corner. Does this help?

Thanks.

Edited by Jayli, 06 November 2012 - 11:52 PM.

  • 0



#116
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Sorry for the delay. Got caught up in the election results.

CCleaner may be responsible for messing up your search:

one of the recent updates changed or added an item labeled "MS Search" under 'Applications' > 'Windows'.

Upon unchecking this option in the settings of CCleaner, I am no longer experiencing the symptoms posted above.


Can you run mbrcheck?

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Exit MBRCheck. Do not select any options.

There was an error while attempting to read the local hosts file.



Download HostsXpert from http://www.funkytoad...HostsXpert.zip. Save the file then right click and Extract All. It will create a new folder in the same place. In the folder find HostsXpert.exe and right click on it and Run As Administrator.

It will take a few seconds to appear. If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only? If it already says Make Read Only? that's OK just go on to the next step.
Now click on the left column entry that says: Restore MSHosts file. Click on the Make Read Only? entry then close HostsXpert. Run OTL again and let's see if the hosts file is happy now.



I would run some more scans but they will require reboots.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run ComboFix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, ComboFix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.




I would also uninstall MSSE and install the free Avast and run a boot scan but it will require a reboot or two:

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall Microsoft Security Essentials

Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Text version of the report is at: C:\ProgramData\Avast Software\Avast\report\aswboot.txt
  • 0

#117
Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Thanks Ron. Just a side note, I didn't run CCleaner after I did the in-place Repair. I'm going to run something, then post it here. I will continue to edit this reply. Don't know when the system will crash and don't want to lose the logs. Thx.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Latitude D830
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 208):

Processes (total 52):
0 System Idle Process
4 System
412 C:\Windows\System32\smss.exe
504 csrss.exe
552 csrss.exe
560 C:\Windows\System32\wininit.exe
600 C:\Windows\System32\winlogon.exe
648 C:\Windows\System32\services.exe
656 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
764 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\svchost.exe
944 C:\Program Files\Microsoft Security Client\MsMpEng.exe
1012 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\audiodg.exe
1212 C:\Windows\System32\svchost.exe
1300 WUDFHost.exe
1352 C:\Windows\System32\svchost.exe
1552 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1644 C:\Windows\System32\spoolsv.exe
1672 C:\Windows\System32\svchost.exe
1704 C:\Windows\System32\svchost.exe
1964 C:\Windows\System32\dwm.exe
1972 C:\Windows\System32\SAiAdmin.exe
1988 C:\Windows\explorer.exe
1516 C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe
1860 C:\Windows\System32\taskhost.exe
2084 C:\Windows\System32\SAiDownloaderVista.exe
2128 C:\Windows\System32\SAiLicSvr.exe
2176 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
2220

UPDATE **** This is my other computer NOW. The Bad computer Desktop deleted after running the above program. Will continue after startup repair.

UPDATE ***** Uninstalled MSE. Fixed HOSTS & Made Read Only. Ran OTL. Here are the logs.

OTL logfile created on: 07/11/2012 2:17:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JayLi\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.15% Memory free
4.00 Gb Paging File | 3.18 Gb Available in Paging File | 79.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 49.74 Gb Free Space | 66.82% Space Free | Partition Type: NTFS
Drive D: | 142.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LISETTEMILLER | User Name: JayLi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/06 12:45:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JayLi\Desktop\OTL.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/12 07:40:34 | 000,417,792 | ---- | M] (SA International) -- C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe
PRC - [2011/10/12 07:38:38 | 000,077,824 | ---- | M] (SA International) -- C:\Windows\System32\SAiDownloaderVista.exe
PRC - [2011/10/12 07:28:36 | 000,065,536 | ---- | M] (SA International) -- C:\Windows\System32\SAiAdmin.exe
PRC - [2011/09/22 06:06:06 | 001,259,040 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2011/09/22 00:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2011/09/22 00:00:00 | 000,292,384 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 16:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/12/19 14:58:32 | 000,086,016 | R--- | M] (SA International) -- C:\Windows\System32\SAiLicSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/26 22:41:07 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/08/16 19:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2012/11/03 01:06:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/26 22:41:07 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/30 19:01:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/12 07:40:34 | 000,417,792 | ---- | M] (SA International) [Auto | Running] -- C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe -- (SAiDownloader)
SRV - [2011/10/12 07:38:38 | 000,077,824 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiDownloaderVista.exe -- (SAiDownloaderVista)
SRV - [2011/10/12 07:28:36 | 000,065,536 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiAdmin.exe -- (SAiAdmin)
SRV - [2011/09/22 06:06:06 | 001,259,040 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2011/09/22 00:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2011/09/22 00:00:00 | 000,292,384 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2010/02/19 15:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 14:58:32 | 000,086,016 | R--- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiLicSvr.exe -- (SAiLicSvr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 17:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 11:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2011/05/27 06:05:08 | 000,041,896 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2011/03/18 08:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/18 08:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/11/20 16:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 16:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/17 06:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 58 6E 20 2D A5 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/11/06 13:29:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/02 23:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/11/06 13:29:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/07 16:59:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/01 19:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JayLi\AppData\Roaming\Mozilla\Extensions
[2012/11/07 13:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JayLi\AppData\Roaming\Mozilla\Firefox\Profiles\b9gr7xr1.default\extensions
[2012/11/02 23:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/26 22:41:08 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2012/11/07 14:12:37 | 000,000,698 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOption = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35048641-5242-4676-B360-E7CF5876E6E2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{806c81af-0d22-11e2-a78f-001a6bf9aff0}\Shell - "" = AutoRun
O33 - MountPoints2\{806c81af-0d22-11e2-a78f-001a6bf9aff0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Ad-Aware Antivirus - hkey= - key= - File not found
MsConfig - StartUpReg: Ad-Aware Browsing Protection - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/07 14:10:58 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Documents\HostsXpert
[2012/11/07 12:22:39 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Desktop\HostsXpert
[2012/11/07 12:15:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\JayLi\Desktop\aswMBR.exe
[2012/11/06 12:45:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JayLi\Desktop\OTL.exe
[2012/11/03 16:58:19 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Documents\VRAiFiles
[2012/11/03 16:58:08 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Documents\VinylR
[2012/11/03 16:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel
[2012/11/03 16:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\SafeNet Sentinel
[2012/11/03 16:48:07 | 008,396,912 | ---- | C] (SafeNet, Inc. ) -- C:\Users\JayLi\Desktop\Sentinel Protection Installer 7.6.5.exe
[2012/11/03 16:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2012/11/03 16:27:28 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Documents\Downloaded Installations
[2012/11/03 15:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vinyl Express LXi
[2012/11/03 03:14:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/11/03 03:03:37 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2012/11/03 02:49:52 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2012/11/03 01:19:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/11/03 01:19:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/11/03 01:19:06 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/11/03 01:19:06 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/11/03 01:19:06 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/11/03 01:19:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/03 01:19:06 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/11/03 01:19:06 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/11/03 01:19:05 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/11/03 01:19:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/03 01:19:05 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/11/03 01:19:05 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/11/03 01:19:05 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/11/03 01:19:05 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/11/03 01:19:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/03 01:19:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/11/03 01:19:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/03 01:19:05 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/11/03 01:19:05 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/11/03 01:19:05 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/11/03 01:19:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/11/03 01:19:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/11/03 01:19:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/11/03 01:19:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/11/03 01:19:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/03 01:19:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/03 01:19:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/03 01:19:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/11/03 01:19:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/11/03 01:19:04 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/11/03 01:19:04 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/11/03 01:19:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/03 01:19:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/11/03 01:19:04 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/11/03 01:19:04 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/11/03 01:19:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/11/03 01:19:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/11/03 01:11:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/11/03 00:54:08 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/11/03 00:54:08 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/11/03 00:53:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/11/03 00:53:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/11/03 00:53:11 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/11/03 00:53:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/11/03 00:53:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/11/03 00:52:00 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/11/03 00:52:00 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/11/03 00:51:50 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/11/03 00:51:44 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/11/03 00:51:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/11/03 00:51:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/11/03 00:51:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/11/03 00:50:58 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/11/03 00:50:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/11/03 00:50:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/11/03 00:50:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/11/03 00:50:46 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2012/11/03 00:50:45 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/11/03 00:50:45 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/11/03 00:50:31 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/11/03 00:50:31 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/11/03 00:50:18 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/11/03 00:50:17 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/11/03 00:50:13 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/11/03 00:50:13 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/11/03 00:50:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/11/03 00:50:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/03 00:50:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/03 00:50:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/11/03 00:50:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/11/03 00:50:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/03 00:50:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/03 00:50:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/03 00:50:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/03 00:50:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/03 00:50:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/11/03 00:50:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/03 00:50:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/11/03 00:50:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/03 00:50:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/11/03 00:50:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/03 00:50:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/11/03 00:50:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/11/03 00:50:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/11/03 00:50:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/03 00:50:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/03 00:50:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/11/03 00:50:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/03 00:50:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/11/03 00:50:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/03 00:50:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/11/03 00:50:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/11/03 00:50:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/11/03 00:50:05 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/11/03 00:50:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/11/03 00:50:02 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012/11/03 00:50:02 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012/11/03 00:50:02 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012/11/03 00:50:02 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012/11/03 00:50:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012/11/03 00:49:58 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/11/03 00:49:58 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/11/03 00:49:57 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/11/03 00:49:49 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/03 00:49:47 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/11/03 00:49:46 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/11/03 00:49:43 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/11/03 00:49:32 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/11/03 00:38:10 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/11/03 00:31:44 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/11/03 00:31:44 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/11/03 00:31:25 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/11/03 00:31:25 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/11/03 00:31:25 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/11/03 00:30:59 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/11/03 00:30:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/11/03 00:30:25 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\VirtualStore
[2012/11/02 23:19:49 | 000,000,000 | --SD | C] -- C:\Users\JayLi\AppData\Roaming\Microsoft
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Videos
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Saved Games
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Pictures
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Music
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Links
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Favorites
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Downloads
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Documents
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Desktop
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\AppData\Local\Temporary Internet Files
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Templates
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Start Menu
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\SendTo
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Recent
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\PrintHood
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\NetHood
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Documents\My Videos
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Documents\My Pictures
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Documents\My Music
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\My Documents
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Local Settings
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\AppData\Local\History
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Cookies
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Application Data
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\AppData\Local\Application Data
[2012/11/02 23:19:49 | 000,000,000 | -H-D | C] -- C:\Users\JayLi\AppData
[2012/11/02 23:19:49 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\Temp
[2012/11/02 23:19:49 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\Microsoft
[2012/11/02 23:19:49 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\Media Center Programs
[2012/11/02 23:16:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/11/02 21:30:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/11/02 20:52:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/11/02 20:13:40 | 000,000,000 | ---D | C] -- C:\4d8af5a9e4fb7f239f652fdd2cee
[2012/11/02 20:06:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/11/02 20:01:36 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/11/02 17:13:12 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\Malwarebytes
[2012/11/02 17:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/02 17:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/02 17:12:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/02 17:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/02 17:04:12 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\JayLi\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/30 21:53:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/10/30 04:02:31 | 000,131,384 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2012/10/30 04:02:29 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/10/28 02:53:59 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/27 21:08:51 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/10/27 19:36:56 | 011,088,872 | ---- | C] (Microsoft Corporation) -- C:\Users\JayLi\Desktop\mseinstall.exe
[2012/10/27 15:48:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/27 15:16:46 | 000,000,000 | ---D | C] -- C:\Users\JayLi\SETAcl
[2012/10/27 02:49:12 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\Ad-Aware Antivirus
[2012/10/27 01:09:43 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Desktop\backups
[2012/10/26 22:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/25 21:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012/10/25 13:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/23 21:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
[2012/10/23 21:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinWatch
[2012/10/23 21:08:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012/10/23 21:08:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012/10/22 16:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/10/19 00:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/10/19 00:00:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/18 23:38:14 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/18 23:38:14 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/10/18 23:38:14 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/10/18 01:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/10/18 01:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/10/18 01:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/10/17 17:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/16 15:28:53 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\SlimWare Utilities Inc
[2012/10/16 00:11:09 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/10/16 00:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/14 05:23:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/10/14 02:58:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/10/14 02:37:09 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/10/14 02:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/10/14 02:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/10/14 02:30:09 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/13 15:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012/10/13 01:56:59 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012/10/12 02:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/10/12 02:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/10/12 00:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVSoftware
[2012/10/11 22:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/08 23:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\RRTFolder
[2012/10/08 15:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2012/10/08 15:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/10/08 15:11:23 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\PCDr
[2012/10/08 15:11:20 | 000,000,000 | ---D | C] -- C:\temp
[2012/10/08 15:08:37 | 000,038,984 | ---- | C] (Dell Computer Corporation) -- C:\Users\JayLi\Desktop\DellPCDiagnostics.exe

========== Files - Modified Within 30 Days ==========

[2012/11/07 14:12:37 | 000,000,698 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/07 14:10:37 | 000,357,766 | ---- | M] () -- C:\Users\JayLi\Documents\HostsXpert.zip
[2012/11/07 14:08:29 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/07 14:08:29 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/07 14:06:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/07 14:02:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/07 14:02:37 | 1609,015,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/07 12:15:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JayLi\Desktop\aswMBR.exe
[2012/11/07 12:14:01 | 000,080,384 | ---- | M] () -- C:\Users\JayLi\Desktop\MBRCheck.exe
[2012/11/06 15:19:53 | 000,023,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/06 15:19:53 | 000,023,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/06 12:45:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JayLi\Desktop\OTL.exe
[2012/11/06 12:43:16 | 000,061,440 | ---- | M] ( ) -- C:\Users\JayLi\Desktop\VEW.exe
[2012/11/05 14:02:56 | 003,782,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/05 01:56:33 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/11/04 21:25:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/04 21:25:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/03 19:49:37 | 000,000,000 | -H-- | M] () -- C:\Users\JayLi\Documents\Default.rdp
[2012/11/03 16:05:08 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\VE LXi Expert 10.5.lnk
[2012/11/03 16:05:08 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Production Manager 10.5.lnk
[2012/11/03 15:39:49 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012/11/03 09:59:26 | 000,001,407 | ---- | M] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/03 01:19:07 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/11/03 01:19:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/11/03 01:19:06 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/11/03 01:19:06 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/11/03 01:19:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/11/03 01:19:06 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/03 01:19:06 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/11/03 01:19:06 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/11/03 01:19:05 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/11/03 01:19:05 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/03 01:19:05 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/11/03 01:19:05 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/11/03 01:19:05 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/11/03 01:19:05 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/11/03 01:19:05 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/03 01:19:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/11/03 01:19:05 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/03 01:19:05 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/11/03 01:19:05 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/11/03 01:19:05 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/11/03 01:19:05 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/11/03 01:19:05 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/11/03 01:19:05 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/11/03 01:19:05 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/11/03 01:19:04 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/03 01:19:04 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/03 01:19:04 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/03 01:19:04 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/11/03 01:19:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/11/03 01:19:04 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/11/03 01:19:04 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/11/03 01:19:04 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/03 01:19:04 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/11/03 01:19:04 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/11/03 01:19:04 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/11/03 01:19:04 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/11/03 01:19:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/11/03 00:30:25 | 000,001,382 | RHS- | M] () -- C:\Users\JayLi\ntuser.pol
[2012/11/03 00:29:58 | 000,000,726 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/11/03 00:23:19 | 000,116,385 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/11/03 00:12:17 | 000,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2012/11/02 23:18:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/11/02 21:56:22 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/11/02 21:56:22 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/11/02 17:13:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/02 17:04:20 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\JayLi\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/02 15:21:59 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/30 19:39:25 | 000,444,442 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_512
[2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/30 17:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/30 07:12:32 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/30 04:13:15 | 000,131,384 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2012/10/30 04:02:29 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/10/27 19:37:05 | 011,088,872 | ---- | M] (Microsoft Corporation) -- C:\Users\JayLi\Desktop\mseinstall.exe
[2012/10/27 17:53:43 | 000,033,588 | ---- | M] () -- C:\Users\JayLi\Documents\cc_20121027_185311_10262012.reg
[2012/10/25 21:49:19 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/10/23 21:24:43 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012/10/23 21:24:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012/10/17 18:11:56 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/17 18:08:08 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20121030-203925.backup
[2012/10/17 12:39:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_793
[2012/10/17 02:51:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\edit
[2012/10/16 00:11:09 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/10/15 11:59:28 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/10/14 02:59:18 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-LISETTEMILLER-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2012/10/08 15:08:38 | 000,038,984 | ---- | M] (Dell Computer Corporation) -- C:\Users\JayLi\Desktop\DellPCDiagnostics.exe

========== Files Created - No Company Name ==========

[2012/11/07 14:10:34 | 000,357,766 | ---- | C] () -- C:\Users\JayLi\Documents\HostsXpert.zip
[2012/11/07 12:13:59 | 000,080,384 | ---- | C] () -- C:\Users\JayLi\Desktop\MBRCheck.exe
[2012/11/06 12:43:13 | 000,061,440 | ---- | C] ( ) -- C:\Users\JayLi\Desktop\VEW.exe
[2012/11/03 19:49:37 | 000,000,000 | -H-- | C] () -- C:\Users\JayLi\Documents\Default.rdp
[2012/11/03 16:03:35 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\VE LXi Expert 10.5.lnk
[2012/11/03 16:03:35 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Production Manager 10.5.lnk
[2012/11/03 01:19:05 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/11/03 00:31:36 | 000,001,413 | ---- | C] () -- C:\Users\JayLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/03 00:30:24 | 000,001,382 | RHS- | C] () -- C:\Users\JayLi\ntuser.pol
[2012/11/03 00:24:42 | 1609,015,296 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/03 00:12:17 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012/11/02 23:19:49 | 000,000,290 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/11/02 23:19:49 | 000,000,272 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/11/02 23:19:24 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/11/02 23:19:19 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/11/02 23:18:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/11/02 17:13:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/30 07:45:15 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/10/30 07:45:15 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/10/27 19:37:57 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/27 17:53:36 | 000,033,588 | ---- | C] () -- C:\Users\JayLi\Documents\cc_20121027_185311_10262012.reg
[2012/10/25 21:49:19 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/10/17 17:02:06 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/17 02:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\edit
[2012/10/14 02:59:18 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-LISETTEMILLER-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2012/09/23 18:45:16 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012/09/08 18:04:43 | 000,000,726 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/05 16:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012/09/05 16:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2012/09/05 16:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2012/09/05 16:53:17 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/09/05 15:17:23 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat
[2010/11/20 16:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: FUJITSU MHZ2080BH G2 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 74.00GB
Starting Offset: 105906176
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/11/02 15:35:25 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Ad-Aware Antivirus
[2012/11/07 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Adobe
[2012/11/02 23:55:47 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Apple Computer
[2012/11/02 23:55:47 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\com.adobe.dmp.contentviewer
[2012/11/02 23:55:48 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Identities
[2012/11/07 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Macromedia
[2012/11/06 13:13:48 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\MailFrontier
[2012/11/02 23:55:48 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Malwarebytes
[2011/04/11 21:24:18 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Media Center Programs
[2012/11/07 16:47:34 | 000,000,000 | --SD | M] -- C:\Users\JayLi\AppData\Roaming\Microsoft
[2012/11/07 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Mozilla
[2012/11/07 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\PCDr
[2012/08/29 21:20:03 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Publish Providers
[2012/11/07 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Sony
[2012/11/02 23:56:13 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\SUPERAntiSpyware.com
[2012/11/07 14:10:58 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\WinRAR
[2012/11/02 23:56:13 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Xilisoft

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\erdnt\cache\explorer.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\erdnt\cache\mswsock.dll
[2010/11/20 16:29:12 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 16:29:12 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2010/11/20 16:29:11 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\System32\nlaapi.dll
[2010/11/20 16:29:11 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2009/07/13 20:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\erdnt\cache\user32.dll
[2010/11/20 16:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 16:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\erdnt\cache\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/26 22:41:05 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/26 22:41:05 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/26 22:41:05 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/11/03 01:19:07 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/11/03 01:19:07 | 000,748,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/26 22:41:05 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/26 22:41:05 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/26 22:41:05 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/11/03 01:19:07 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/11/03 01:19:07 | 000,748,680 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< End of report >


OTL Extras logfile created on: 07/11/2012 2:17:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JayLi\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.15% Memory free
4.00 Gb Paging File | 3.18 Gb Available in Paging File | 79.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 49.74 Gb Free Space | 66.82% Space Free | Partition Type: NTFS
Drive D: | 142.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LISETTEMILLER | User Name: JayLi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B93E784D-2F82-4350-9B81-4904E8B8DDFC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101C45EB-3F3D-42CA-9C8A-8AB577007291}" = protocol=17 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\tftp_client.exe |
"{11A8B621-C962-4F0A-B7CF-201B974CADA1}" = protocol=17 | dir=in | app=c:\windows\system32\sailicsvr.exe |
"{37BE9B1A-B092-477A-A959-291C4CD50FD6}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{492BD072-828F-45B4-9425-7F6A59B2360D}" = protocol=6 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\tftp_client.exe |
"{506865DC-2E44-4CBD-9CC1-3B1222345D78}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6C45A910-FCCD-41F3-A225-72750DAC2EC2}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{8EFDCD72-5A1F-43C1-80C0-2414995A3A19}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92EBDBA8-67AC-4471-904E-E6FA9BCF57D0}" = protocol=17 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app.exe |
"{A1EEE2E4-2F4D-4327-B2DA-69AEA96CF723}" = protocol=6 | dir=in | app=c:\windows\system32\sailicsvr.exe |
"{AA9BC18F-505D-4978-AFE6-E148057295DE}" = protocol=17 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app2.exe |
"{BBA0538F-B703-406A-8B6C-483F6974FBFC}" = protocol=6 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app.exe |
"{BFD0D470-C0A4-45CF-9236-F13AAA135BAF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D50B6F32-0FD7-49C8-B93F-EEE6F7E3644D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DA2A8A0E-820C-4072-8384-3C7C3E970F57}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{EE374E42-04D3-40AC-87FF-39DBB8A2F661}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{FAC4EC53-8D2F-4302-837D-0CFADB7F6C3C}" = protocol=6 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app2.exe |
"{FB7C930F-540C-4765-AD82-57D2B9A4AF92}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F31532A-16F1-4812-8B7B-D321A4CE91A6}" = Sony Vegas Pro 8.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2C0E2B08-0991-43DF-9515-77FA4C5A9DD2}" = Adobe Setup
"{2E8E2726-F641-4636-BB86-A9D4459BA27F}" = Vinyl Express LXi
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC14A37-586A-4AB3-A458-874AAE29337C}" = Adobe Setup
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EA5CC76-8B4D-407B-87F4-DB052978D8A7}" = Adobe Setup
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9307988-3EA8-415E-A91E-0EB1FBF439DA}" = Adobe After Effects CS4 Third Party Content
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}" = Sentinel System Driver Installer 7.5.7
"{B5FCBF46-D2DA-455C-8AB1-148181AEBA14}" = Adobe After Effects CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7E3FF32-7E00-4703-9C34-5777C08A56AA}" = Toon Boom Studio 4.5
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D45B21D2-1ABA-46C4-A226-722DC28EAAC4}" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE09967A-E9E2-4562-A58D-989CA70FA65E}" = Sentinel Protection Installer 7.6.5
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E528A747-DC66-4FD4-AB53-110D024561CC}" = Adobe Premiere Pro CS4
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_0b36ff97a89684768f1da4defc9f237" = Adobe Encore CS4 Codecs
"Adobe_15f4da9bfad48542a17f089e7c5e0ab" = Adobe After Effects CS4 Third Party Content
"Adobe_1b5a11fde44351ae0f4c7fd0e4daadc" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC-Doctor for Windows" = Dell Support Center
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"Revo Uninstaller" = Revo Uninstaller 1.94
"Sawer" = Sawer
"Toxic Biohazard" = Toxic Biohazard
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"WM Recorder 14" = WM Recorder 14
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/11/2012 2:06:55 PM | Computer Name = LisetteMiller | Source = Windows Search Service | ID = 7042
Description =

Error - 07/11/2012 2:06:55 PM | Computer Name = LisetteMiller | Source = Windows Search Service | ID = 9002
Description =

Error - 07/11/2012 2:06:55 PM | Computer Name = LisetteMiller | Source = Windows Search Service | ID = 3029
Description =

Error - 07/11/2012 2:06:55 PM | Computer Name = LisetteMiller | Source = Windows Search Service | ID = 3029
Description =

Error - 07/11/2012 2:06:55 PM | Computer Name = LisetteMiller | Source = Windows Search Service | ID = 3028
Description =

Error - 07/11/2012 2:06:55 PM | Computer Name = LisetteMiller | Source = Windows Search Service | ID = 3058
Description =

Error - 07/11/2012 2:06:55 PM | Computer Name = LisetteMiller | Source = Windows Search Service | ID = 7010
Description =

Error - 07/11/2012 2:08:11 PM | Computer Name = LisetteMiller | Source = Application Error | ID = 1000
Description = Faulting application name: MpCmdRun.exe, version: 4.1.522.0, time
stamp: 0x5051250b Faulting module name: mpclient.dll, version: 4.1.522.0, time stamp:
0x50512508 Exception code: 0xc0000005 Fault offset: 0x0003c190 Faulting process id:
0xed4 Faulting application start time: 0x01cdbd12d8ea987f Faulting application path:
c:\Program Files\Microsoft Security Client\MpCmdRun.exe Faulting module path: c:\Program
Files\Microsoft Security Client\mpclient.dll Report Id: 16a30a40-2906-11e2-98b8-001a6bf9aff0

Error - 07/11/2012 3:04:27 PM | Computer Name = LisetteMiller | Source = WinMgmt | ID = 10
Description =

Error - 07/11/2012 3:05:01 PM | Computer Name = LisetteMiller | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 07/11/2012 2:11:32 PM | Computer Name = LisetteMiller | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 07/11/2012 2:11:32 PM | Computer Name = LisetteMiller | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 07/11/2012 2:11:32 PM | Computer Name = LisetteMiller | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 07/11/2012 2:11:32 PM | Computer Name = LisetteMiller | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 07/11/2012 3:02:53 PM | Computer Name = LisetteMiller | Source = Microsoft Antimalware | ID = 2004
Description =

Error - 07/11/2012 3:04:05 PM | Computer Name = LisetteMiller | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 07/11/2012 3:04:06 PM | Computer Name = LisetteMiller | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 07/11/2012 3:04:06 PM | Computer Name = LisetteMiller | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 07/11/2012 3:04:06 PM | Computer Name = LisetteMiller | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 07/11/2012 3:04:06 PM | Computer Name = LisetteMiller | Source = Microsoft Antimalware | ID = 2001
Description =

[ Windows PowerShell Events ]
Error - 21/09/2012 5:10:41 PM | Computer Name = LisetteMiller | Source = PowerShell | ID = 103
Description =

Error - 21/09/2012 8:10:15 PM | Computer Name = LisetteMiller | Source = PowerShell | ID = 103
Description =


< End of report >

Edited by Jayli, 07 November 2012 - 01:36 PM.

  • 0

#118
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
The MBRCheck wasn't complete.

If the desktop disappears that means that Explorer.exe is crashing.

You can try to restart it with task manager (Ctrl + Alt + Del) then Start Task Manager, File, New Task then type in explorer.exe.

If it still crashes then use ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot and see if you still get the Explorer crashes.
  • 0
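
The sort described in the post above (non-Microsoft shell extensions first) can also be produced as a read-only inventory before anything is disabled. The PowerShell below is an added example, not part of the original post and not ShellExView's own code; it assumes the extensions of interest are listed under the `Shell Extensions\Approved` key and registered as in-process servers under HKLM, and the function name `Resolve-ShellExtensionDll` is hypothetical.

```powershell
# Added example (not from the thread): read-only inventory of Explorer shell
# extensions, sorted so that non-Microsoft entries come first. Nothing is
# disabled or modified.
# Assumption: only extensions listed in the HKLM "Approved" key are covered.
$approvedKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'

function Resolve-ShellExtensionDll {
    # Hypothetical helper: maps a CLSID to the DLL that Explorer loads for it.
    param([string]$Clsid)

    # The in-process server is the default value of CLSID\{...}\InprocServer32.
    $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $inproc)) { return $null }

    $raw = (Get-Item -LiteralPath $inproc).GetValue('')
    if (-not $raw) { return $null }

    $path = [Environment]::ExpandEnvironmentVariables([string]$raw).Trim('"')

    # Bare file names (for example shell32.dll) are resolved against System32.
    if (-not [IO.Path]::IsPathRooted($path)) {
        $path = Join-Path (Join-Path $env:SystemRoot 'System32') $path
    }
    return $path
}

$key = Get-Item -LiteralPath $approvedKey

$inventory = foreach ($clsid in $key.GetValueNames()) {
    # Skip the unnamed default value and anything that is not a CLSID.
    if ($clsid -notmatch '^\{[0-9A-Fa-f\-]{36}\}$') { continue }

    $dll = Resolve-ShellExtensionDll -Clsid $clsid
    $company = $null
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        # CompanyName comes from the DLL's version resource.
        $company = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
    }

    New-Object PSObject -Property @{
        Microsoft   = [bool]($company -like 'Microsoft*')
        Company     = $company
        Description = $key.GetValue($clsid)
        Dll         = $dll
        Clsid       = $clsid
    }
}

# False sorts before True, so non-Microsoft extensions are listed at the top.
$inventory |
    Sort-Object Microsoft, Company, Description |
    Select-Object Microsoft, Company, Description, Dll, Clsid |
    Format-Table -AutoSize -Wrap
```

Entries with a blank Company are worth checking by hand: the DLL may be missing from disk or carry no version resource.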

#119
Jayli

    Member

  • Topic Starter
  • Member
  • 98 posts
Here's the new MBR Check Log. Thanks.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Latitude D830
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 172):

Processes (total 42):
0 System Idle Process
4 System
412 C:\Windows\System32\smss.exe
500 csrss.exe
548 C:\Windows\System32\wininit.exe
564 csrss.exe
600 C:\Windows\System32\services.exe
632 C:\Windows\System32\winlogon.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
764 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1252 C:\Windows\System32\svchost.exe
1368 WUDFHost.exe
1488 C:\Windows\System32\svchost.exe
1568 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1752 C:\Windows\System32\dwm.exe
1776 C:\Windows\explorer.exe
1864 C:\Windows\System32\spoolsv.exe
1900 C:\Windows\System32\svchost.exe
1932 C:\Windows\System32\svchost.exe
688 C:\Windows\System32\SAiAdmin.exe
664 C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe
980 C:\Windows\System32\SAiDownloaderVista.exe
1344 C:\Windows\System32\SAiLicSvr.exe
1564 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
1588 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
1448 C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
2216 C:\Windows\System32\svchost.exe
2392 C:\Windows\System32\taskhost.exe
3076 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3140 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3172 C:\Windows\System32\SearchIndexer.exe
3568 C:\Windows\System32\sppsvc.exe
3716 C:\Windows\System32\svchost.exe
4008 C:\Program Files\Windows Media Player\wmpnetwk.exe
2288 C:\Windows\System32\audiodg.exe
1188 C:\Users\JayLi\Desktop\MBRCheck.exe
3380 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2080BHG2, Rev: 00000009

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
  • 0

#120
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-07 15:04:26
-----------------------------
15:04:26.373 OS Version: Windows 6.1.7601 Service Pack 1
15:04:26.373 Number of processors: 2 586 0xF0B
15:04:26.373 ComputerName: LISETTEMILLER UserName: JayLi
15:04:27.184 Initialize success
15:04:28.135 AVAST engine defs: 12110700
15:05:04.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:05:04.312 Disk 0 Vendor: FUJITSU_MHZ2080BH_G2 00000009 Size: 76319MB BusType: 3
15:05:04.359 Disk 0 MBR read successfully
15:05:04.374 Disk 0 MBR scan
15:05:04.390 Disk 0 Windows 7 default MBR code
15:05:04.405 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:05:04.405 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
15:05:04.437 Disk 0 scanning sectors +156299264
15:05:04.515 Disk 0 scanning C:\Windows\system32\drivers
15:05:15.793 Service scanning
15:05:40.208 Modules scanning
15:05:49.427 AVAST engine scan C:\Windows
15:05:51.143 AVAST engine scan C:\Windows\system32
15:07:29.704 AVAST engine scan C:\Windows\system32\drivers
15:07:37.894 AVAST engine scan C:\Users\JayLi
15:07:50.733 AVAST engine scan C:\ProgramData
15:07:59.157 Scan finished successfully
15:08:23.150 Disk 0 MBR has been saved successfully to "C:\Users\JayLi\Desktop\MBR.dat"
15:08:23.165 The log file has been saved successfully to "C:\Users\JayLi\Desktop\aswMBR.txt"


Fyi. The desktop is not acting up right now. System seems to be getting more stable. Thanks.
  • 0





