Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer freezes every now and then, keyboard goes haywire. Did I catc


  • This topic is locked This topic is locked

#1
ladykaze

ladykaze

    Member

  • Member
  • PipPip
  • 47 posts
Hi,recently, I had encountered some annoying issues with my PC especially with my keyboard. Every now and then I can sense that the keyboard and the mouse is not reacting well. My mouse will hang a bit and move every now and then. As for my keyboard, it did not work very well. Either it lags as I typed and I ended up missing a few letters or space in my message or I will get something like this. You sssssssssssssssssssssssssssssssssssssssssssssee. That is wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwhat I meaaaaaaaaaaaaaaaaaaaaaaan. I can ended up deleting my sentences thanks to this. I'm wondering if I caught some virus somewhere.

Please help. Thanks a lot.

Here is my OTL report:
OTL logfile created on: 21/1/2013 1:16:12 AM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Miss Yi Jun\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

1.99 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 31.28% Memory free
4.21 Gb Paging File | 2.11 Gb Available in Paging File | 50.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.73 Gb Total Space | 64.84 Gb Free Space | 29.51% Space Free | Partition Type: NTFS
Drive D: | 78.36 Gb Total Space | 77.88 Gb Free Space | 99.38% Space Free | Partition Type: NTFS

Computer Name: MISSYIJUN-PC | User Name: Miss Yi Jun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/15 20:08:46 | 001,101,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/01/15 20:08:46 | 000,945,328 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/10/06 04:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Miss Yi Jun\Downloads\OTL.exe
PRC - [2012/09/22 21:09:42 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/09/22 21:09:36 | 001,737,728 | ---- | M] (Lavasoft Limited ) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/08/09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/05/11 17:39:26 | 002,637,624 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2012/05/11 17:30:58 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2012/02/29 00:02:07 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/14 19:57:40 | 000,019,872 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/04/14 19:55:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/25 09:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/12/08 14:51:52 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/31 01:45:08 | 004,993,024 | ---- | M] (FS2YOU) -- C:\Program Files\GridService\peer.exe
PRC - [2008/06/27 16:04:31 | 001,453,568 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SingTel\McciTrayApp.exe
PRC - [2008/01/21 10:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008/01/16 09:10:37 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/11 15:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007/06/13 08:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007/03/16 03:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/15 20:08:47 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
MOD - [2013/01/15 20:08:46 | 001,101,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/01/11 21:04:37 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013/01/11 21:02:56 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 21:02:47 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/10 01:28:30 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013/01/10 01:28:26 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 01:28:14 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013/01/10 01:28:00 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/10 01:27:55 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013/01/10 01:27:51 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/10 01:27:45 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013/01/08 08:06:22 | 000,460,392 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
MOD - [2013/01/08 08:06:21 | 012,459,624 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
MOD - [2013/01/08 08:06:19 | 004,012,648 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013/01/08 08:05:29 | 000,598,120 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013/01/08 08:05:28 | 000,124,520 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013/01/08 08:05:25 | 001,553,000 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012/10/03 23:00:20 | 000,055,816 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Temp\d0d94490-af44-4ddb-bc13-e620b29d93f9\CliSecureRT.dll
MOD - [2012/05/11 17:35:30 | 000,397,312 | ---- | M] () -- C:\Program Files\Orbitdownloader\wtlctrl.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/14 19:57:40 | 000,019,872 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2010/07/05 05:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/06/13 08:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MOD - [2007/05/23 08:23:34 | 004,591,616 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll
MOD - [2007/05/22 15:44:50 | 000,023,552 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll
MOD - [2006/03/09 18:45:36 | 000,081,920 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Ssbbuse)
SRV - [2013/01/15 20:08:46 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/09 22:27:27 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/25 14:06:18 | 000,073,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\FunshionLauncher\FunshionSvr.dll -- (FunshionSvr)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/22 21:09:36 | 001,737,728 | ---- | M] (Lavasoft Limited ) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\appliand.sys -- (appliandMP)
DRV - [2013/01/15 20:08:47 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/20 19:48:54 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/02/18 12:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex)
DRV - [2011/02/18 12:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/02/18 12:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/02/04 22:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/01/24 21:17:20 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/01/24 21:17:20 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/01/03 16:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 16:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/01/03 16:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/01/03 16:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/03 17:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/07/05 03:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/25 23:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 23:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 23:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 23:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 23:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 23:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 23:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/04/02 09:48:40 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/04/02 09:48:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006/09/19 22:14:10 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/09/19 22:14:10 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.hao123.com/?tn=29065018_49_hao_pg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.hao123.com/?tn=29065018_49_hao_pg
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.hao123.com/?tn=29065018_49_hao_pg
IE - HKCU\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}: "URL" = http://www.soso.com/q?sc=web&cid=th.ub&w={searchTerms}&cin=!J-5pUWfxAqT8QfS!WYGAC060wc50000&lr=&ie={inputEncoding}&unc=y400372_2
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7MOOI_enSG457
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.c...fr&d=2012-09-29 13:06:44&v=14.0.2.14&pid=avg&sg=&sap=hp"
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.0
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://isearch.avg.c...fr&d=2012-09-29 13:06:44&pid=avg&sg=&v=14.0.2.14&sap=ku&q="
FF - prefs.js..browser.startup.homepage: "http://www.hao123.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(530).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@ylmf.com/UploadPlugin: C:\Program Files\115\UDown\NPUpLoadFile.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Miss Yi Jun\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Miss Yi Jun\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Users\Miss Yi Jun\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/29 00:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.2.14 [2013/01/15 20:10:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2012/05/18 14:26:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2012/08/17 14:44:33 | 000,000,000 | ---D | M]

[2009/07/28 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Extensions
[2009/07/28 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2012/09/13 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions
[2010/05/29 01:08:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2011/04/22 01:58:38 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/10/23 15:10:18 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2010/08/15 03:26:47 | 000,000,000 | ---D | M] (Nami Plugin) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2010/09/12 22:13:04 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (Mitter Toolbar) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/02/29 00:03:13 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - homepage: http://isearch.avg.c...fr&d=2012-09-29 13:06:44&v=14.0.2.14&pid=avg&sg=&sap=hp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://isearch.avg.c...fr&d=2012-09-29 13:06:44&v=14.0.2.14&pid=avg&sg=&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Windows Media Player\np-mswmp.dll
CHR - plugin: 115.COM Upload Plugin (Enabled) = C:\Program Files\115\UDown\NPUpLoadFile.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Thunder DapCtrl Plugin (Enabled) = C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(530).dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: QvodInsert (Enabled) = C:\QvodPlayerQvodPlayer\npQvodInsert.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.3_0\
CHR - Extension: AVG Secure Search = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.2.14_0\
CHR - Extension: Gmail = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/08/10 22:54:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (xiamistart Class) - {658D2C4F-158A-46FB-8C96-B1C8F56DBBE9} - C:\PROGRA~1\Shark\XIAMIP~1.DLL File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Grid Service] C:\Program Files\GridService\peer.exe (FS2YOU)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DBank_ClickUp] C:\Program Files\DBank\ClickUp\DBank_ClickUp.exe (华为软件技术有限公司 版权所有)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [同步盘] "C:\Users\Miss Yi Jun\AppData\Roaming\115\Box\115Box.exe" autorun File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92833653-E5A0-4C2D-870F-10A4A9E9EC78}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/17 22:06:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/12 23:44:34 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Roaming\RealNetworks
[2013/01/12 19:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FunshionLauncher
[2013/01/12 12:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[75 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/21 01:08:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/21 00:56:20 | 000,005,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 00:56:20 | 000,005,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 00:45:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000UA.job
[2013/01/21 00:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 23:08:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/20 21:01:50 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2013/01/20 21:01:50 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2013/01/20 20:56:27 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/20 20:56:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/20 01:22:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/20 00:00:51 | 052,705,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/20 00:00:50 | 020,673,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/15 20:08:47 | 000,031,576 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/01/12 19:58:22 | 000,004,602 | ---- | M] () -- C:\Users\Miss Yi Jun\funshion.ini
[2013/01/12 19:18:25 | 000,001,138 | ---- | M] () -- C:\Windows\System32\funshion.ini
[2013/01/12 12:10:58 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/01/11 20:49:42 | 000,002,074 | ---- | M] () -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/11 20:49:42 | 000,002,072 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\Google Chrome.lnk
[2013/01/10 22:04:53 | 000,374,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/06 15:45:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000Core.job
[2013/01/01 17:30:06 | 000,001,850 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Roaming\network.dat
[75 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/15 20:10:45 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2012/09/13 22:59:05 | 000,001,850 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\network.dat
[2012/08/01 10:18:40 | 000,004,602 | ---- | C] () -- C:\Users\Miss Yi Jun\funshion.ini
[2012/08/01 10:18:40 | 000,001,138 | ---- | C] () -- C:\Windows\System32\funshion.ini
[2012/03/23 22:03:21 | 000,000,911 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\coreavc.ini
[2011/12/02 14:06:28 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2011/04/27 19:49:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/27 19:49:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/03/09 02:11:22 | 000,004,096 | -H-- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\keyfile3.drm
[2011/03/02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/03/02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/03/02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/03/02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/03/02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/02/20 20:32:32 | 000,000,050 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\Syscfg.ini
[2010/12/13 21:47:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/20 22:17:52 | 000,000,552 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\d3d8caps.dat
[2010/03/30 00:30:11 | 000,000,000 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\prvlcl.dat
[2008/09/20 23:57:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/18 20:19:05 | 000,037,165 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/06/21 19:39:38 | 000,181,248 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/20 16:45:56 | 000,001,356 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/10 15:15:14 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\115
[2012/07/07 13:21:12 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\360Login
[2012/11/11 00:27:55 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\360se
[2008/10/10 22:25:18 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Ashampoo
[2012/09/29 13:29:54 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\AVG2013
[2011/03/24 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\BitTorrent
[2009/03/01 23:38:10 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\BonkEnc
[2012/01/27 00:15:29 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Canon
[2009/10/27 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/19 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\CravingExplorer
[2011/12/31 23:47:59 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DBank
[2012/03/24 18:27:35 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Digiarty
[2012/03/24 15:52:22 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DVDVideoSoft
[2011/04/22 02:10:21 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/03/01 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Facebook
[2008/06/22 18:13:40 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\FlashGet
[2012/07/07 14:34:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\flash_se
[2009/07/28 21:24:29 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Flock
[2010/08/20 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\funshionAddr
[2012/03/27 12:25:16 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\HandBrake
[2012/08/22 01:27:26 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Leawo
[2012/11/29 20:31:14 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Mp3tag
[2009/11/26 00:13:15 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\NCH Swift Sound
[2013/01/21 01:15:59 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Orbit
[2011/11/14 00:55:30 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\PhotoScape
[2010/08/15 01:04:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\PPStream
[2012/05/18 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\ProgSense
[2012/05/18 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Recordpad
[2010/08/17 01:10:10 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Runscanner.net
[2011/11/07 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Samsung
[2011/01/24 21:09:47 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Sony
[2011/01/24 20:59:23 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Sony Setup
[2009/06/12 23:12:48 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Teleca
[2012/12/05 21:05:51 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Tencent
[2012/08/22 01:29:00 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\tiger-k
[2012/09/29 13:07:12 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\TuneUp Software
[2011/02/20 20:57:25 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\UDown
[2009/10/19 02:09:13 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Windows Live Writer
[2010/11/27 17:04:37 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/07/08 02:15:56 | 000,000,000 | ---D | M](C:\360????) -- C:\360高速下载
[2012/07/07 15:50:41 | 000,000,000 | ---D | C](C:\360????) -- C:\360高速下载
[2012/07/07 13:21:15 | 000,000,897 | ---- | M] ()(C:\Users\Miss Yi Jun\Desktop\360?????.lnk) -- C:\Users\Miss Yi Jun\Desktop\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,897 | ---- | C] ()(C:\Users\Miss Yi Jun\Desktop\360?????.lnk) -- C:\Users\Miss Yi Jun\Desktop\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,877 | ---- | M] ()(C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360?????.lnk) -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,877 | ---- | C] ()(C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360?????.lnk) -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器.lnk
[2012/07/02 12:59:18 | 000,014,347 | ---- | M] ()(C:\Users\Miss Yi Jun\Documents\???.docx) -- C:\Users\Miss Yi Jun\Documents\迪迪宅.docx
[2012/07/02 12:59:16 | 000,014,347 | ---- | C] ()(C:\Users\Miss Yi Jun\Documents\???.docx) -- C:\Users\Miss Yi Jun\Documents\迪迪宅.docx
[2012/06/20 13:01:47 | 000,000,162 | -H-- | M] ()(C:\Users\Miss Yi Jun\Documents\~$?????.docx) -- C:\Users\Miss Yi Jun\Documents\~$自己想要的.docx
[2012/06/20 13:01:47 | 000,000,162 | -H-- | C] ()(C:\Users\Miss Yi Jun\Documents\~$?????.docx) -- C:\Users\Miss Yi Jun\Documents\~$自己想要的.docx
[2012/03/08 22:30:34 | 000,000,000 | ---D | M](C:\Users\Miss Yi Jun\Documents\115???) -- C:\Users\Miss Yi Jun\Documents\115浏览器
[2012/03/08 21:31:25 | 000,000,000 | ---D | C](C:\Users\Miss Yi Jun\Documents\115???) -- C:\Users\Miss Yi Jun\Documents\115浏览器
(C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360????) -- C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360安全中心

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:2A81F9CE
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4F227235

< End of report >
  • 0

Advertisements


#2
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hello ladykaze and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

I apologize about the delay, it happens sometimes.

Since it's been a few days since your initial post, I would like to see fresh logs, but first I need you to move the OTL program out of your downloads folder, and put it directly on your desktop. You can do this by dragging the icon from the downloads folder, and dropping it directly onto your desktop.

Step 1
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. It will be in the same location as OTL.
  • Post both logs in your next response

Step 2
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

In your next reply I would like to see:
  • fresh OTL log
  • RKreport.txt which is the RogueKiller log file

  • 0

#3
ladykaze

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi, thank you for the reply. Please see the requested log. As I was typing out this message, my mouse keyboard is acting up giving me problem again. I almost thought my problem is a kind of problem which nobody can solve :(


1. fresh OTL log

OTL logfile created on: 29/1/2013 11:22:09 PM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Miss Yi Jun\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.89% Memory free
4.21 Gb Paging File | 2.66 Gb Available in Paging File | 63.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.73 Gb Total Space | 55.61 Gb Free Space | 25.31% Space Free | Partition Type: NTFS
Drive D: | 78.36 Gb Total Space | 77.88 Gb Free Space | 99.38% Space Free | Partition Type: NTFS
Drive H: | 998.10 Mb Total Space | 141.82 Mb Free Space | 14.21% Space Free | Partition Type: FAT32

Computer Name: MISSYIJUN-PC | User Name: Miss Yi Jun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/29 23:20:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Miss Yi Jun\Desktop\OTL (1).exe
PRC - [2013/01/15 20:08:46 | 001,101,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/01/15 20:08:46 | 000,945,328 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2013/01/12 19:24:55 | 000,716,424 | ---- | M] (北京风行在线技术有限公司) -- C:\Program Files\Common Files\FunshionLauncher\FunshionSync\FunshionSync.exe
PRC - [2013/01/12 19:24:55 | 000,416,712 | ---- | M] () -- C:\Program Files\Common Files\FunshionLauncher\FunshionSync\adb.exe
PRC - [2012/12/25 14:07:14 | 000,246,560 | ---- | M] (Funshion) -- C:\Program Files\Common Files\FunshionLauncher\FSPlatform.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/22 21:09:42 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/09/22 21:09:36 | 001,737,728 | ---- | M] (Lavasoft Limited ) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/02/29 00:02:07 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011/04/14 19:57:40 | 000,019,872 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/04/14 19:55:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/25 09:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/12/08 14:51:52 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 14:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/12/31 01:45:08 | 004,993,024 | ---- | M] (FS2YOU) -- C:\Program Files\GridService\peer.exe
PRC - [2008/06/27 16:04:31 | 001,453,568 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SingTel\McciTrayApp.exe
PRC - [2008/01/16 09:10:37 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/11 15:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007/06/13 08:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007/03/16 03:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/15 20:08:47 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
MOD - [2013/01/15 20:08:46 | 001,101,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/01/12 19:24:55 | 000,416,712 | ---- | M] () -- C:\Program Files\Common Files\FunshionLauncher\FunshionSync\adb.exe
MOD - [2013/01/11 21:04:37 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013/01/11 21:02:56 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 21:02:47 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013/01/10 01:28:30 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013/01/10 01:28:26 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 01:28:14 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013/01/10 01:28:00 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013/01/10 01:27:55 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013/01/10 01:27:51 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/10 01:27:45 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/10/03 23:00:20 | 000,055,816 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\Temp\d0d94490-af44-4ddb-bc13-e620b29d93f9\CliSecureRT.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/14 19:57:40 | 000,019,872 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2007/06/13 08:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MOD - [2007/05/23 08:23:34 | 004,591,616 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll
MOD - [2007/05/22 15:44:50 | 000,023,552 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll
MOD - [2006/03/09 18:45:36 | 000,081,920 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Ssbbuse)
SRV - [2013/01/15 20:08:46 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/09 22:27:27 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/25 14:06:18 | 000,073,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\FunshionLauncher\FunshionSvr.dll -- (FunshionSvr)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/22 21:09:36 | 001,737,728 | ---- | M] (Lavasoft Limited ) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\appliand.sys -- (appliandMP)
DRV - [2013/01/15 20:08:47 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/20 19:48:54 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/02/18 12:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex)
DRV - [2011/02/18 12:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/02/18 12:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/02/04 22:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/01/24 21:17:20 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/01/24 21:17:20 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/01/03 16:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 16:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/01/03 16:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/01/03 16:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 13:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/03 17:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/07/05 03:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/25 23:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 23:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 23:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 23:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 23:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 23:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 23:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/04/02 09:48:40 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/04/02 09:48:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2006/09/19 22:14:10 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/09/19 22:14:10 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/07/17 15:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.hao123.com/?tn=29065018_49_hao_pg
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.hao123.com/?tn=29065018_49_hao_pg
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.hao123.com/?tn=29065018_49_hao_pg
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}: "URL" = http://www.soso.com/q?sc=web&cid=th.ub&w={searchTerms}&cin=!J-5pUWfxAqT8QfS!WYGAC060wc50000&lr=&ie={inputEncoding}&unc=y400372_2
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7MOOI_enSG457
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.c...fr&d=2012-09-29 13:06:44&v=14.0.2.14&pid=avg&sg=&sap=hp"
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.0
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://isearch.avg.c...fr&d=2012-09-29 13:06:44&pid=avg&sg=&v=14.0.2.14&sap=ku&q="
FF - prefs.js..browser.startup.homepage: "http://www.hao123.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrlPlugin: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(530).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@ylmf.com/UploadPlugin: C:\Program Files\115\UDown\NPUpLoadFile.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Miss Yi Jun\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Miss Yi Jun\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Users\Miss Yi Jun\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/29 00:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\14.0.2.14 [2013/01/15 20:10:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2012/05/18 14:26:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2013/01/22 00:09:02 | 000,000,000 | ---D | M]

[2009/07/28 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Extensions
[2009/07/28 21:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2012/09/13 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions
[2010/05/29 01:08:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2011/04/22 01:58:38 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/10/23 15:10:18 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2010/08/15 03:26:47 | 000,000,000 | ---D | M] (Nami Plugin) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2010/09/12 22:13:04 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
[2011/02/07 21:10:37 | 000,000,000 | ---D | M] (Mitter Toolbar) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2012/02/29 00:03:13 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - homepage: http://isearch.avg.c...fr&d=2012-09-29 13:06:44&v=14.0.2.14&pid=avg&sg=&sap=hp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://isearch.avg.c...fr&d=2012-09-29 13:06:44&v=14.0.2.14&pid=avg&sg=&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Windows Media Player\np-mswmp.dll
CHR - plugin: 115.COM Upload Plugin (Enabled) = C:\Program Files\115\UDown\NPUpLoadFile.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Thunder DapCtrl Plugin (Enabled) = C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(530).dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: QvodInsert (Enabled) = C:\QvodPlayerQvodPlayer\npQvodInsert.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.2 (Enabled) = C:\Users\Miss Yi Jun\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Miss Yi Jun\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.3_0\
CHR - Extension: AVG Secure Search = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.2.14_0\
CHR - Extension: Gmail = C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/08/10 22:54:02 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (xiamistart Class) - {658D2C4F-158A-46FB-8C96-B1C8F56DBBE9} - C:\PROGRA~1\Shark\XIAMIP~1.DLL File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Grid Service] C:\Program Files\GridService\peer.exe (FS2YOU)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SingTel_McciTrayApp] C:\Program Files\SingTel\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000..\Run: [同步盘] "C:\Users\Miss Yi Jun\AppData\Roaming\115\Box\115Box.exe" autorun File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..Trusted Domains: security_PPStream.exe ([]about in Trusted sites)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92833653-E5A0-4C2D-870F-10A4A9E9EC78}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/29 23:20:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Miss Yi Jun\Desktop\OTL (1).exe
[2013/01/27 00:50:59 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Miss Yi Jun\Desktop\dds.com
[2013/01/12 23:44:34 | 000,000,000 | ---D | C] -- C:\Users\Miss Yi Jun\AppData\Roaming\RealNetworks
[2013/01/12 19:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FunshionLauncher
[2013/01/12 12:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[75 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/29 23:27:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/29 23:20:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Miss Yi Jun\Desktop\OTL (1).exe
[2013/01/29 23:08:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/29 23:08:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/29 22:58:23 | 052,887,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/29 22:58:23 | 020,767,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/29 22:45:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000UA.job
[2013/01/29 21:36:25 | 000,005,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 21:36:25 | 000,005,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 19:36:30 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/29 19:36:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/29 00:51:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/27 17:47:42 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2013/01/27 17:47:42 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2013/01/25 21:57:18 | 000,000,000 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Local\prvlcl.dat
[2013/01/24 21:50:26 | 000,002,074 | ---- | M] () -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/24 21:50:25 | 000,002,072 | ---- | M] () -- C:\Users\Miss Yi Jun\Desktop\Google Chrome.lnk
[2013/01/22 00:09:02 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/01/15 20:08:47 | 000,031,576 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/01/12 19:58:22 | 000,004,602 | ---- | M] () -- C:\Users\Miss Yi Jun\funshion.ini
[2013/01/12 19:18:25 | 000,001,138 | ---- | M] () -- C:\Windows\System32\funshion.ini
[2013/01/12 12:10:58 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/01/10 22:04:53 | 000,374,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/06 15:45:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-631317932-1057005952-1023814535-1000Core.job
[2013/01/01 17:30:06 | 000,001,850 | ---- | M] () -- C:\Users\Miss Yi Jun\AppData\Roaming\network.dat
[75 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/15 20:10:45 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2012/09/13 22:59:05 | 000,001,850 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\network.dat
[2012/08/01 10:18:40 | 000,004,602 | ---- | C] () -- C:\Users\Miss Yi Jun\funshion.ini
[2012/08/01 10:18:40 | 000,001,138 | ---- | C] () -- C:\Windows\System32\funshion.ini
[2012/03/23 22:03:21 | 000,000,911 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\coreavc.ini
[2011/12/02 14:06:28 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2011/04/27 19:49:39 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/27 19:49:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/03/09 02:11:22 | 000,004,096 | -H-- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\keyfile3.drm
[2011/03/02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/03/02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/03/02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/03/02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/03/02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/02/20 20:32:32 | 000,000,050 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Roaming\Syscfg.ini
[2010/12/13 21:47:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/20 22:17:52 | 000,000,552 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\d3d8caps.dat
[2010/03/30 00:30:11 | 000,000,000 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\prvlcl.dat
[2008/09/20 23:57:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/18 20:19:05 | 000,037,165 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/06/21 19:39:38 | 000,181,248 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/20 16:45:56 | 000,001,356 | ---- | C] () -- C:\Users\Miss Yi Jun\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/13 12:49:10 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 12:49:10 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/02/10 15:15:14 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\115
[2012/07/07 13:21:12 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\360Login
[2012/11/11 00:27:55 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\360se
[2008/10/10 22:25:18 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Ashampoo
[2012/09/29 13:29:54 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\AVG2013
[2011/03/24 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\BitTorrent
[2009/03/01 23:38:10 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\BonkEnc
[2012/01/27 00:15:29 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Canon
[2009/10/27 21:57:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/19 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\CravingExplorer
[2011/12/31 23:47:59 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DBank
[2012/03/24 18:27:35 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Digiarty
[2012/03/24 15:52:22 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DVDVideoSoft
[2011/04/22 02:10:21 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/03/01 13:46:18 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Facebook
[2008/06/22 18:13:40 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\FlashGet
[2012/07/07 14:34:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\flash_se
[2009/07/28 21:24:29 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Flock
[2010/08/20 22:24:21 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\funshionAddr
[2012/03/27 12:25:16 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\HandBrake
[2012/08/22 01:27:26 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Leawo
[2012/11/29 20:31:14 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Mp3tag
[2009/11/26 00:13:15 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\NCH Swift Sound
[2013/01/27 01:04:51 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Orbit
[2011/11/14 00:55:30 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\PhotoScape
[2010/08/15 01:04:05 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\PPStream
[2012/05/18 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\ProgSense
[2012/05/18 18:34:20 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Recordpad
[2010/08/17 01:10:10 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Runscanner.net
[2011/11/07 21:39:51 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Samsung
[2011/01/24 21:09:47 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Sony
[2011/01/24 20:59:23 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Sony Setup
[2009/06/12 23:12:48 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Teleca
[2012/12/05 21:05:51 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Tencent
[2012/08/22 01:29:00 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\tiger-k
[2012/09/29 13:07:12 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\TuneUp Software
[2011/02/20 20:57:25 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\UDown
[2009/10/19 02:09:13 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\Windows Live Writer
[2010/11/27 17:04:37 | 000,000,000 | ---D | M] -- C:\Users\Miss Yi Jun\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 17:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 10:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 10:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 14:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 14:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 14:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 10:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 08:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 14:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 23:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 10:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 14:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 10:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 14:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 14:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 10:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 10:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 10:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 10:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 10:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 14:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 22:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 14:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 10:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 14:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 14:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 10:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 22:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 14:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/07 00:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 14:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/05 02:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 14:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 19:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 14:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 14:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 14:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 10:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 14:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 14:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 14:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 14:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 14:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 06:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 14:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/12 03:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 19:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 14:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 14:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 11:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 10:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 10:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/19 05:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/19 05:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CNF >
[2008/06/22 01:48:41 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Miss Yi Jun\Documents\My Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.DAT >
[2009/05/24 21:38:57 | 000,000,030 | ---- | M] () MD5=9C6DCDE88B3E394BF959816512037E76 -- C:\Users\Miss Yi Jun\AppData\Local\VirtualStore\Program Files\ProxyWay\services.dat

< MD5 for: SERVICES.EXE >
[2008/01/21 10:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 14:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 20:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 20:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/21 10:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 10:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/19 05:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 20:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/19 05:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 20:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/19 05:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 10:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2011/12/30 02:35:29 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 10:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 10:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 14:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 10:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2006/11/02 15:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2006/11/02 15:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
[2006/11/02 15:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\WINSOCK.DLL

========== Files - Unicode (All) ==========
[2012/07/08 02:15:56 | 000,000,000 | ---D | M](C:\360????) -- C:\360高速下载
[2012/07/07 15:50:41 | 000,000,000 | ---D | C](C:\360????) -- C:\360高速下载
[2012/07/07 13:21:15 | 000,000,897 | ---- | M] ()(C:\Users\Miss Yi Jun\Desktop\360?????.lnk) -- C:\Users\Miss Yi Jun\Desktop\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,897 | ---- | C] ()(C:\Users\Miss Yi Jun\Desktop\360?????.lnk) -- C:\Users\Miss Yi Jun\Desktop\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,877 | ---- | M] ()(C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360?????.lnk) -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器.lnk
[2012/07/07 13:21:15 | 000,000,877 | ---- | C] ()(C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360?????.lnk) -- C:\Users\Miss Yi Jun\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器.lnk
[2012/07/02 12:59:18 | 000,014,347 | ---- | M] ()(C:\Users\Miss Yi Jun\Documents\???.docx) -- C:\Users\Miss Yi Jun\Documents\迪迪宅.docx
[2012/07/02 12:59:16 | 000,014,347 | ---- | C] ()(C:\Users\Miss Yi Jun\Documents\???.docx) -- C:\Users\Miss Yi Jun\Documents\迪迪宅.docx
[2012/06/20 13:01:47 | 000,000,162 | -H-- | M] ()(C:\Users\Miss Yi Jun\Documents\~$?????.docx) -- C:\Users\Miss Yi Jun\Documents\~$自己想要的.docx
[2012/06/20 13:01:47 | 000,000,162 | -H-- | C] ()(C:\Users\Miss Yi Jun\Documents\~$?????.docx) -- C:\Users\Miss Yi Jun\Documents\~$自己想要的.docx
[2012/03/08 22:30:34 | 000,000,000 | ---D | M](C:\Users\Miss Yi Jun\Documents\115???) -- C:\Users\Miss Yi Jun\Documents\115浏览器
[2012/03/08 21:31:25 | 000,000,000 | ---D | C](C:\Users\Miss Yi Jun\Documents\115???) -- C:\Users\Miss Yi Jun\Documents\115浏览器
(C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360????) -- C:\Users\Miss Yi Jun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360安全中心

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:2A81F9CE
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4F227235

< End of report >

2. RKreport.txt which is the RogueKiller log file

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Miss Yi Jun [Admin rights]
Mode : Scan -- Date : 01/29/2013 23:45:55
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : 同步盘 ("C:\Users\Miss Yi Jun\AppData\Roaming\115\Box\115Box.exe" autorun) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-631317932-1057005952-1023814535-1000[...]\Run : 同步盘 ("C:\Users\Miss Yi Jun\AppData\Roaming\115\Box\115Box.exe" autorun) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT725032VLA360 ATA Device +++++
--- User ---
[MBR] e4dab31f814339925c1ec8c09de91eed
[BSP] ce87fbd57b961e2cd53272d5123dcfab : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 225000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 460802048 | Size: 80243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Samsung YP-U2 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01292013_02d2345.txt >>
RKreport[1]_S_01292013_02d2345.txt
  • 0

#4
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi there,
I do see a little bit of adware to remove, so let's do that, and see if it clears up your keyboard and mouse issues.


Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL by right clicking on the icon and selecting Run as administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.hao123.com/?tn=29065018_49_hao_pg
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.hao123.com/?tn=29065018_49_hao_pg
    IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.hao123.com/?tn=29065018_49_hao_pg
    IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    IE - HKU\S-1-5-21-631317932-1057005952-1023814535-1000\..\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}: "URL" = http://www.soso.com/...}&unc=y400372_2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..browser.startup.homepage: "http://www.hao123.com"
    [2011/02/07 21:10:37 | 000,000,000 | ---D | M] (Mitter Toolbar) -- C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
    File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
    File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]
    File not found (No name found) -- C:\USERS\MISS YI JUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GDRFJDAB.DEFAULT\EXTENSIONS\[email protected]
    O2 - BHO: (xiamistart Class) - {658D2C4F-158A-46FB-8C96-B1C8F56DBBE9} - C:\PROGRA~1\Shark\XIAMIP~1.DLL File not found
    @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:2A81F9CE
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:63238B95
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4F227235
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

In your next reply I would like to see:
  • OTL fix log
  • ADWCleaner log
  • How is your computer?

  • 0

#5
ladykaze

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi I had done as instructed. Here are the logs you requested.

1. OTL fix log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-631317932-1057005952-1023814535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Unable to set value : HKEY_USERS\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Registry key HKEY_USERS\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "http://www.hao123.com" removed from browser.startup.homepage
C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]p\defaults folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{658D2C4F-158A-46FB-8C96-B1C8F56DBBE9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{658D2C4F-158A-46FB-8C96-B1C8F56DBBE9}\ deleted successfully.
ADS C:\ProgramData\TEMP:2A81F9CE deleted successfully.
ADS C:\ProgramData\TEMP:63238B95 deleted successfully.
ADS C:\ProgramData\TEMP:4F227235 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Miss Yi Jun
->Temp folder emptied: 20706657 bytes
->Temporary Internet Files folder emptied: 192350754 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 427779831 bytes
->Flash cache emptied: 4498 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 21504000 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85179435 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 713.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01312013_001338

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2. ADWCleaner log

# AdwCleaner v2.109 - Logfile created 01/31/2013 at 00:28:30
# Updated 26/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Miss Yi Jun - MISSYIJUN-PC
# Boot Mode : Normal
# Running from : C:\Users\Miss Yi Jun\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\Plasmoo
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Miss Yi Jun\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Miss Yi Jun\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\TENCENT
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\TENCENT
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Miss Yi Jun\AppData\Roaming\Mozilla\Firefox\Profiles\gdrfjdab.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={AA03B909-57F2-4F4A-BBE0-0A47923E[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={AA03B909-57F2-4F4A-BBE0-0A47923E4AC1}&m[...]

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Miss Yi Jun\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : homepage = "hxxp://isearch.avg.com/?cid={AA03B909-57F2-4F4A-BBE0-0A47923E4AC1}&mid=927292b52c[...]
Deleted [l.1741] : homepage = "hxxp://isearch.avg.com/?cid={AA03B909-57F2-4F4A-BBE0-0A47923E4AC1}&mid=927292b52c384[...]

*************************

AdwCleaner[S1].txt - [22359 octets] - [10/09/2012 14:10:17]
AdwCleaner[S2].txt - [5785 octets] - [31/01/2013 00:28:30]

########## EOF - C:\AdwCleaner[S2].txt - [5845 octets] ##########

3. How is your computer?

It usually acts up when I switch on my computer for some time so I can't really say yet as I have not use the computer long enough today. It seems ok for now. I will need a bit of time to observe.
  • 0

#6
ladykaze

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
3. How is your computer?

It is acting crazy once agaiiiiiiiiiiiiiiiiiiitday. That's what I gggggggggggggggggggget.
  • 0

#7
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi,
Sorry about the delay, I have had my job dumping lots of work on me for the past few days.

I want to take a quick look at another area of your system with different malware scanner, and then view your error logs, maybe we can spot the problem in there.
At this point, it does not look like a malware problem, but I want to make sure.

Step 1
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
You can answer yes to the question Would you like to download the latest Avast! virus definitions?
Posted Image

Click the [Scan] button to start scan
Posted Image


On completion of the scan click [Save log], save it to your desktop and post in your next reply

Step 2
  • Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
  • Double-click VEW.exe
  • Under 'Select log to query', select :
  • Application
  • System
<li>Under 'Select type to list', select:
  • Error
  • Warning
  • Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
Please post the Output log in your next reply

In your next reply I would like to see:
  • ASWmbr log
  • the output log from VEW

  • 0

#8
ladykaze

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi, no problem. Thank you so much for taking the time to help. I hope to get my PC fixed. Writing my report with this PC will be a problem.

1. ASWmbr log
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-01 19:03:27
-----------------------------
19:03:27.242 OS Version: Windows 6.0.6002 Service Pack 2
19:03:27.242 Number of processors: 2 586 0xF0D
19:03:27.244 ComputerName: MISSYIJUN-PC UserName: Miss Yi Jun
19:04:16.003 Initialize success
19:04:35.294 AVAST engine defs: 13013100
19:05:11.917 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:05:11.921 Disk 0 Vendor: Hitachi_HDT725032VLA360 V54OA7EA Size: 305245MB BusType: 3
19:05:11.932 Disk 0 MBR read successfully
19:05:11.935 Disk 0 MBR scan
19:05:11.942 Disk 0 Windows VISTA default MBR code
19:05:11.953 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225000 MB offset 2048
19:05:11.976 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 80243 MB offset 460802048
19:05:11.982 Disk 0 scanning sectors +625139712
19:05:12.039 Disk 0 scanning C:\Windows\system32\drivers
19:05:32.836 Service scanning
19:08:03.540 Modules scanning
19:08:29.087 Disk 0 trace - called modules:
19:08:29.117 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll intelide.sys PCIIDEX.SYS atapi.sys
19:08:29.146 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8636aac8]
19:08:29.152 3 CLASSPNP.SYS[833ab8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x855f8b98]
19:08:41.236 AVAST engine scan C:\Windows
19:09:43.346 AVAST engine scan C:\Windows\system32
19:25:15.165 AVAST engine scan C:\Windows\system32\drivers
19:25:33.454 AVAST engine scan C:\Users\Miss Yi Jun
20:13:45.236 AVAST engine scan C:\ProgramData
20:22:00.515 Scan finished successfully
22:20:43.025 Disk 0 MBR has been saved successfully to "C:\Users\Miss Yi Jun\Desktop\MBR.dat"
22:20:43.047 The log file has been saved successfully to "C:\Users\Miss Yi Jun\Desktop\aswMBR.txt"

the output log from VEW


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 01/02/2013 10:23:46 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/02/2013 11:01:57 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 31/01/2013 1:42:22 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 30/01/2013 4:32:20 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 30/01/2013 4:20:37 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 30/01/2013 2:05:43 PM
Type: Error Category: 0
Event: 0 Source: Lavasoft Ad-Aware Service
The event description cannot be found.

Log: 'Application' Date/Time: 30/01/2013 2:02:11 PM
Type: Error Category: 0
Event: 0 Source: Lavasoft Ad-Aware Service
The event description cannot be found.

Log: 'Application' Date/Time: 30/01/2013 2:00:50 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 29/01/2013 2:58:19 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 29/01/2013 2:58:19 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 29/01/2013 2:54:18 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 29/01/2013 2:54:18 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 29/01/2013 2:49:28 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 29/01/2013 2:49:28 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 29/01/2013 11:36:57 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 28/01/2013 4:10:23 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 27/01/2013 2:57:46 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 27/01/2013 2:57:46 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 27/01/2013 12:45:41 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 27/01/2013 11:31:16 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\MISS YI JUN\DOCUMENTS\ANIME\RHYTHM OF FATE\S202.DOCX> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 27/01/2013 11:31:16 AM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\MISS YI JUN\DOCUMENTS\ANIME\RHYTHM OF FATE\S202.DOCX> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 31/01/2013 4:41:53 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 852 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA
Process 3764 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 30/01/2013 4:29:44 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3132 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 30/01/2013 4:17:28 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3144 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 29/01/2013 3:53:50 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 3960 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3960 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 3960 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3960 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3960 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root


Log: 'Application' Date/Time: 28/01/2013 4:51:17 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1472 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 27/01/2013 11:33:52 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1496 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 26/01/2013 5:05:26 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1316 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 26/01/2013 11:36:25 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 2156 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 25/01/2013 3:52:54 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3768 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 25/01/2013 11:56:00 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 20 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 4084 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 24/01/2013 4:57:02 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 4088 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 23/01/2013 4:22:07 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3580 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 22/01/2013 3:56:37 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 2860 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 21/01/2013 5:21:21 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3920 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 20/01/2013 6:03:03 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 21 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1364 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1364 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1364 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1364 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 920 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 1364 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3800 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 19/01/2013 5:21:48 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3948 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA
Process 1348 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 19/01/2013 6:40:24 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 1416 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1416 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1416 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1416 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1416 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root


Log: 'Application' Date/Time: 18/01/2013 4:39:14 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3648 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA
Process 1380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 17/01/2013 5:06:45 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 30 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1312 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA
Process 1400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


Log: 'Application' Date/Time: 16/01/2013 11:30:12 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3604 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/02/2013 11:01:58 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: i8042prt

Log: 'System' Date/Time: 01/02/2013 11:01:58 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 01/02/2013 11:01:58 AM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 01/02/2013 11:01:58 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Aspi32 service failed to start due to the following error: Aspi32 is not a valid Win32 application.

Log: 'System' Date/Time: 01/02/2013 11:00:50 AM
Type: Error Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-Processor-Power
Idle power management features on processor 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 01/02/2013 11:00:50 AM
Type: Error Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-Processor-Power
Idle power management features on processor 1 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 31/01/2013 4:42:19 PM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 31/01/2013 4:41:52 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 31/01/2013 1:42:22 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: i8042prt

Log: 'System' Date/Time: 31/01/2013 1:42:22 PM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 31/01/2013 1:42:22 PM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 31/01/2013 1:42:22 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Aspi32 service failed to start due to the following error: Aspi32 is not a valid Win32 application.

Log: 'System' Date/Time: 31/01/2013 1:41:22 PM
Type: Error Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-Processor-Power
Idle power management features on processor 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 31/01/2013 1:41:22 PM
Type: Error Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-Processor-Power
Idle power management features on processor 1 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 30/01/2013 4:32:20 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: i8042prt

Log: 'System' Date/Time: 30/01/2013 4:32:20 PM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 30/01/2013 4:32:20 PM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 30/01/2013 4:32:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Aspi32 service failed to start due to the following error: Aspi32 is not a valid Win32 application.

Log: 'System' Date/Time: 30/01/2013 4:31:15 PM
Type: Error Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-Processor-Power
Idle power management features on processor 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 30/01/2013 4:31:15 PM
Type: Error Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-Processor-Power
Idle power management features on processor 1 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/01/2013 3:50:56 PM
Type: Warning Category: 0
Event: 54 Source: TrueSight
The event description cannot be found.

Log: 'System' Date/Time: 26/01/2013 10:20:13 AM
Type: Warning Category: 0
Event: 4227 Source: Tcpip
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.

Log: 'System' Date/Time: 16/01/2013 5:49:45 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/01/2013 5:49:12 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/01/2013 5:48:54 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/01/2013 5:43:56 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/01/2013 5:43:27 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/01/2013 5:40:45 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/01/2013 5:40:15 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/01/2013 5:39:09 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/01/2013 5:38:39 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/01/2013 5:37:11 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/01/2013 5:36:41 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/01/2013 5:33:53 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/01/2013 5:33:21 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001CC053C98D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 13/01/2013 9:13:52 AM
Type: Warning Category: 2
Event: 136 Source: Ntfs
The default transaction resource manager on volume F: encountered an error while starting and its metadata was reset. The data contains the error code.

Log: 'System' Date/Time: 12/01/2013 1:08:49 PM
Type: Warning Category: 2
Event: 57 Source: volmgr
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 12/01/2013 1:08:49 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR3 during a paging operation.

Log: 'System' Date/Time: 12/01/2013 1:08:49 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR3 during a paging operation.

Log: 'System' Date/Time: 12/01/2013 1:08:49 PM
Type: Warning Category: 0
Event: 51 Source: disk
An error was detected on device \Device\Harddisk1\DR3 during a paging operation.
  • 0

#9
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hello LadyKaze,
I do see some issues in your event logs, not sure if fixing them will help your issue or not, but let's fix them and take it from there.
Step 1
Please run the Microsoft Fixit found on this page here
You will find the fixit in the Fix it for me section.

Step 2
I would like you to uninstall Lavasoft AdAware as I see one of it's services are misbehaving.
If you don't see it in the uninstall list, let me know, and skip to the next step.

Step 3
This will address another of the errors in your event log --
  • Click on the Start orb, expand All Programs, then expand Accessories
  • Right-Click Command Prompt then select Run as administrator
  • At the command prompt type lodctr /r, then press enter - please make sure there is a space between the r and the /

Step 4
error 1530 is not a real serious error, but I see it's being caused by Windows Live Essentials.
Do you use any of the features of Windows Live Essentials? These would be the Movie Maker, the screensaver that shows off your photos among others.
If you don't use any of it's features, it would be ok to uninstall Windows Live Essentials. This error is harmless, as this behavior is by design.
Please let me know if you use any of it's features, and we will proceede from there.

Let's just take care of these for now, while I research some of the others.

Let me know your progress and if anything we do here has helped the the freezing.
  • 0

#10
ladykaze

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi, I had done as instructed.

Step 1:
Microsoft Fix it came up with an error as it does not apply to my operating system or application version

Step 2:
Done

Step 3:
Done

Step 4:
I'm using Window Movie Maker. I'm not sure what else I'm using.

I had done as inssssssssssssssssssstructed bI still get this. Thank you so much for putting so much effort in helping me. I wonder if my computer is dying.
  • 0

Advertisements


#11
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
My apologies, I mistakenly thought for a minute that you were running Win 7.

There is no automated fix for Vista, but that's ok, I will get it all together for you.
Let's not pronounce your computer dying quite yet, and remember, if I can't solve this with you, I will turn you over to one of the Techs here, and I am sure they will find out the cause of your issues.

Here is the replacement instruction for my previous step #1
Step 1
Click on the start orb and type in Notepad press enter.
Copy the text below and paste it into the open Notepad window:

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\subscription")

Set obj1 = objWMIService.Get("__EventFilter.Name='BVTFilter'")

set obj2set = obj1.Associators_("__FilterToConsumerBinding")

set obj3set = obj1.References_("__FilterToConsumerBinding")



For each obj2 in obj2set
WScript.echo "Deleting the object"
WScript.echo obj2.GetObjectText_
obj2.Delete_
next

For each obj3 in obj3set
WScript.echo "Deleting the object"
WScript.echo obj3.GetObjectText_
obj3.Delete_
next

WScript.echo "Deleting the object"
WScript.echo obj1.GetObjectText_
obj1.Delete_


In the notepad window, click on File then Save As.
In the Save As box, change the Save as type to All Files
Type Test.vbs into the File name then select Desktop from the list of folders,and click on Save

Next, please right click on the file you just created, test.vbs and select Run as administrator

Step 2
Click on the Start Orb, then right click on Computer.
Click on Manage and if you get a prompt from the User Account control click on continue.
Next expand Event Viewer by clicking on the little triangle to the left of the Event View icon.
Expand Windows Logs by clicking in the little triangle to the left of the folder icon on the left.
Right click on System and select Clear log.
Right click on Application and select Clear log
Reboot your computer.

Step 3
Now I would like you to use your computer for a little while, then do the following:
  • Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
  • right-click VEW.exe and select Run as administrator
  • Under 'Select log to query', select:
  • Application
  • System
<li>Under 'Select type to list', select:
  • Error
  • Warning
Then use the 'Date of events' or 'Number of events' as follows:

  • Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box

    Then click the Run button.
    Notepad will open with the output log.
Please post the Output log in your next reply
  • 0

#12
ladykaze

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi, I had done as instructed. Thank you so much for your help. Please see the output log:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 04/02/2013 1:45:21 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/02/2013 5:43:26 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/02/2013 5:40:30 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-631317932-1057005952-1023814535-1000:
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\trust
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Policies\Microsoft\SystemCertificates
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\My
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Root
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3868 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-631317932-1057005952-1023814535-1000\Software\Microsoft\SystemCertificates\CA


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/02/2013 5:43:29 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: i8042prt

Log: 'System' Date/Time: 03/02/2013 5:43:29 PM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 03/02/2013 5:43:29 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Aspi32 service failed to start due to the following error: Aspi32 is not a valid Win32 application.

Log: 'System' Date/Time: 03/02/2013 5:41:33 PM
Type: Error Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-Processor-Power
Idle power management features on processor 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 03/02/2013 5:41:33 PM
Type: Error Category: 0
Event: 1 Source: Microsoft-Windows-Kernel-Processor-Power
Idle power management features on processor 1 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Log: 'System' Date/Time: 03/02/2013 5:40:36 PM
Type: Error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 03/02/2013 5:40:35 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by ladykaze, 03 February 2013 - 11:48 AM.

  • 0

#13
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi there,
can you please do the following for me:
Step 1
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Step 2
I would like to finish with the malware removal right now and we need to sweep for any remnants.

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files/ESET/ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:
  • checkup.txt
  • MalwareBytes log
  • ESET online scan log. Careful with this one, it's easy to lose.
  • Any improvment ?

  • 0

#14
ladykaze

ladykaze

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi, sorry it took me some time. For the logs I'm not able to give you all. Please see what I have anyway.
checkup.txt
Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
HijackThis 2.0.2
CCleaner (remove only)
Java 7 Update 11
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


MalwareBytes log
Because it hangs, I'm not able to remove the threat.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.05.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Miss Yi Jun :: MISSYIJUN-PC [administrator]

05/02/2013 10:51:32 PM
MBAM-log-2013-02-05 (23-19-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233557
Time elapsed: 27 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 15
C:\Users\Miss Yi Jun\funshion (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\cache (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\cache\Cacheflash (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\cache\flash (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\cache\flashNew (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\cache\flashStamp (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\cache\playhome (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\cache\popwind (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\control (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\historyTorrent (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\ini (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\Seed (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\serv (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\Shortcut (PUP.Funshion) -> No action taken.
C:\Users\Miss Yi Jun\funshion\update (PUP.Funshion) -> No action taken.

Files Detected: 0
(No malicious items detected)

(end)

ESET online scan log.
I'm not sure if this is the one as I'm not able to locate the log in C:\Program Files/ESET/ESET Online Scanner\log.txt?
C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
D:\Programs\FFSetup190.zip Win32/Adware.ADON application


Any improvment ?
It seems to get better but I better observe.

Edited by ladykaze, 05 February 2013 - 09:21 AM.

  • 0

#15
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts

Hi, sorry it took me some time.

No problem, we are working on your schedule.
I can remove those files and folders with OTL
I do see CCleaner in the security check log - if you are using this program, please do not use any of the registry cleaning features. Messing with the registry is never a good idea, and can do some real damage to Windows.
Your Adobe reader is way out of date. The current version is now at 11 (XI). At some point, I would like you to uninstall version 9 and download the newest version from here

You say that MalwareBytes was freezing? It did not freeze while scanning, but when removing, correct? No problem, I am removing all that it found in this OTL fix --

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL by right clicking on the icon and selecting Run as administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    :files
    C:\Users\Miss Yi Jun\funshion
    C:\Program Files\Common Files\DVDVideoSoft\AskTB
    D:\Programs\FFSetup190.zip
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

In your next reply I would like to see:
  • OTL fix log
  • the contents of JRT.txt
  • How is the computer doing now?

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP