Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Infected?

  1. #1
    Member
    Join Date
    Sep 2008
    Posts
    37

    Default Infected?

    Hello,

    I have just resurrected my pc after about 4 months in hibernation. The first thing I did was bring all anti-virus, OS and malware s/w up to current releases and ran all available scans.

    Nothing bad was found (Spybot found some items and they were all successfully removed).

    However, the pc is incredibly slow and often freezes causing me to have to do a hard reboot.

    Any help you can provide is greatly appreciated.

    Thanks, Steve.

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR

    Download DDS from one of the links below to your desktop

    Link 1
    Link 2

    • Double click the tool to run it.
    • A black Screen will open, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
    • Copy/Paste the contents of 'DDS.txt' into your post.
    • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)


    Information on A/V control Here
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Sep 2008
    Posts
    37

    Default

    Hi.

    I am having trouble running this because of Avast.

    It tells me it's a suspicious program and suggests I open in the sandbox. Whether I do that or try to 'open normally', nothing happens.

    Thanks.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Here is some info on how to run disable Avast, if DDS still wont run then try running it in Safemode


    http://technical-support-squad.blogs...antivirus.html
    https://support.avast.com/index.php?...barticleid=787




    To Enter Safemode
    • Go to Start> Shut off your Computer> Restart
    • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
      this will bring up a menu.
    • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
    • Then press the Enter Key on your Keyboard

    Tutorial if you need it How to boot into Safemode
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member
    Join Date
    Sep 2008
    Posts
    37

    Default

    Thanks- that worked and here are the requested files.


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Tod at 19:17:40 on 2012-05-01
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.2.1033.18.4094.2021 [GMT -7:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ASUS\Six Engine\SixEngine.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files\TELUS\McciTrayApp.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Tod\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\NDAS\System\ndasmgmt.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Users\Tod\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\CtHelper.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Users\Tod\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Users\Tod\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\NDAS\System\ndassvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "C:\Users\Tod\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Tod\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\Users\Tod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NDASDE~1.LNK - C:\Program Files (x86)\NDAS\System\ndasmgmt.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
    TCP: Interfaces\{02463494-57D4-4586-AD19-9F63FC6F579D} : DhcpNameServer = 192.168.1.254 75.153.176.9
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
    Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    mRun-x64: [CTHelper] CTHELPER.EXE
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\4kfxj1s5.default\
    FF - prefs.js: browser.startup.homepage - www.mytelus.com
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 lfsfilt;NDAS Lean File Sharing Service;C:\Windows\system32\DRIVERS\lfsfilt.sys --> C:\Windows\system32\DRIVERS\lfsfilt.sys [?]
    R0 lpx;LPX Protocol;C:\Windows\system32\DRIVERS\lpx6x.sys --> C:\Windows\system32\DRIVERS\lpx6x.sys [?]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 ndasfs;ndasfs;C:\Windows\system32\DRIVERS\ndasfs.sys --> C:\Windows\system32\DRIVERS\ndasfs.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 ndasfat;NDAS FAT File System Service;C:\Windows\system32\DRIVERS\ndasfat.sys --> C:\Windows\system32\DRIVERS\ndasfat.sys [?]
    R1 ndasrofs;NDAS ROFS File System Service;C:\Windows\system32\DRIVERS\ndasrofs.sys --> C:\Windows\system32\DRIVERS\ndasrofs.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-29 44768]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-1-30 21504]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-6-20 2152152]
    R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-10-17 517632]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-30 2253120]
    R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-6-25 17152]
    R3 ndasbus;NDAS Bus Driver;C:\Windows\system32\DRIVERS\ndasbus.sys --> C:\Windows\system32\DRIVERS\ndasbus.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-31 136176]
    S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-30 79360]
    S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
    S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
    S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-31 136176]
    S3 ndasscsi;NDAS SCSI Miniport Driver;C:\Windows\system32\DRIVERS\ndasscsi.sys --> C:\Windows\system32\DRIVERS\ndasscsi.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 SaiH0461;SaiH0461;C:\Windows\system32\DRIVERS\SaiH0461.sys --> C:\Windows\system32\DRIVERS\SaiH0461.sys [?]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-1-30 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-05-01 02:42:13 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{781EFDD3-21A9-4965-8734-F62428C20879}\mpengine.dll
    2012-05-01 02:41:32 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-04-28 16:17:09 -------- d-----w- C:\Program Files (x86)\TurboTax 2011
    2012-04-23 23:18:54 -------- d-----w- C:\Program Files\iPod
    2012-04-23 23:18:51 -------- d-----w- C:\Program Files\iTunes
    2012-04-23 23:18:51 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-04-23 05:43:36 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-23 05:43:26 78848 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-23 05:43:26 5632 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-23 05:43:26 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-23 05:43:26 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-23 05:43:25 219136 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-23 05:43:25 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-23 05:43:25 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-23 05:19:51 1585152 ----a-w- C:\Windows\System32\ntdll.dll
    2012-04-23 05:19:50 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-04-23 05:19:47 76800 ----a-w- C:\Windows\System32\packager.dll
    2012-04-23 05:19:46 66560 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-04-23 04:59:18 347136 ----a-w- C:\Windows\System32\schannel.dll
    2012-04-23 04:59:17 515968 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-04-23 04:59:17 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-04-23 04:59:17 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
    2012-04-23 04:59:16 442368 ----a-w- C:\Windows\System32\winhttp.dll
    2012-04-23 04:59:16 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
    2012-04-23 04:59:15 94720 ----a-w- C:\Windows\System32\secur32.dll
    2012-04-23 04:59:15 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-04-23 04:59:15 11264 ----a-w- C:\Windows\System32\lsass.exe
    2012-04-23 04:59:06 451072 ----a-w- C:\Windows\System32\winsrv.dll
    2012-04-23 04:58:12 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-04-23 04:58:08 28672 ----a-w- C:\Windows\System32\mciwave.dll
    2012-04-23 04:58:08 28160 ----a-w- C:\Windows\System32\mciseq.dll
    2012-04-23 04:58:08 211968 ----a-w- C:\Windows\System32\winmm.dll
    2012-04-23 04:58:06 48128 ----a-w- C:\Windows\System32\mcicda.dll
    2012-04-23 04:58:06 23552 ----a-w- C:\Windows\SysWow64\mciseq.dll
    2012-04-23 04:58:06 189952 ----a-w- C:\Windows\SysWow64\winmm.dll
    2012-04-23 04:55:16 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{890E3F9F-BC1D-41C2-AC3B-FD1215709CC9}\gapaengine.dll
    2012-04-23 04:51:06 708096 ----a-w- C:\Windows\System32\rdpencom.dll
    2012-04-23 04:51:06 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll
    2012-04-23 04:51:06 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
    2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
    2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-07 18:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 19:21:07.28 ===============

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Nothing really jumping out at me on your DDS log, the only thing I see that could be a problem is Microsoft Security Essentials, it may be banging heads with Avast, try uninstalling it and see if it makes a difference, more than one Antivirus program can sometimes cause issues.


    Are you getting any browser redirects or unwanted pop up windows ?



    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean





    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Member
    Join Date
    Sep 2008
    Posts
    37

    Default

    Good evening,

    I uninstalled MS Essentials as per your suggestion.

    I ran TFC successfully- and was prompted for a reboot which was completed.

    I installed Malwarebytes and no infected files were found.

    Here is the log:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.02.09

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Tod :: MANNING-PC [administrator]

    02/05/2012 5:54:43 PM
    mbam-log-2012-05-02 (17-54-43).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 239561
    Time elapsed: 7 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Thank you for your help so far. I must say I'm a little disappointed nothing has been found so far as this unit is running quite slowly and often freezes.

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Lets check a bit further

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply






    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Member
    Join Date
    Sep 2008
    Posts
    37

    Default

    Here is the aswMRB log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-03 17:42:04
    -----------------------------
    17:42:04.019 OS Version: Windows x64 6.0.6002 Service Pack 2
    17:42:04.019 Number of processors: 4 586 0x1707
    17:42:04.019 ComputerName: MANNERING-PC UserName: Steve
    17:42:05.396 Initialize success
    17:42:08.914 AVAST engine defs: 12050301
    17:42:14.358 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
    17:42:14.361 Disk 0 Vendor: ST3400620AS 3.AAD Size: 381554MB BusType: 3
    17:42:14.363 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-4
    17:42:14.366 Disk 1 Vendor: WDC_WD1002FAEX-00Y9A0 01.01V01 Size: 953869MB BusType: 3
    17:42:14.369 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-5
    17:42:14.372 Disk 2 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
    17:42:14.376 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\JRAID1Port4Path0Target0Lun0
    17:42:14.380 Disk 3 Vendor: SAMSUNG_ Size: 114498MB BusType: 1
    17:42:14.424 Disk 1 MBR read successfully
    17:42:14.428 Disk 1 MBR scan
    17:42:14.433 Disk 1 Windows VISTA default MBR code
    17:42:14.437 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953867 MB offset 2048
    17:42:14.453 Disk 1 scanning C:\Windows\system32\drivers
    17:42:21.212 Service scanning
    17:42:32.410 Modules scanning
    17:42:32.411 Disk 1 trace - called modules:
    17:42:32.429 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    17:42:32.430 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80068575a0]
    17:42:32.430 3 CLASSPNP.SYS[fffffa6000d5ac33] -> nt!IofCallDriver -> [0xfffffa8004c4d9b0]
    17:42:32.431 5 acpi.sys[fffffa60008f2fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-4[0xfffffa8004c42940]
    17:42:33.628 AVAST engine scan C:\Windows
    17:42:37.134 AVAST engine scan C:\Windows\system32
    17:44:35.695 AVAST engine scan C:\Windows\system32\drivers
    17:44:50.370 AVAST engine scan C:\Users\Tod
    17:48:33.772 AVAST engine scan C:\ProgramData
    17:52:10.269 Scan finished successfully
    18:02:15.979 Disk 1 MBR has been saved successfully to "C:\Users\Tod\Desktop\MBR.dat"
    18:02:15.985 The log file has been saved successfully to "C:\Users\Tod\Desktop\aswMBR.txt"

    Here's the OTL.txt log:

    OTL logfile created on: 03/05/2012 6:04:31 PM - Run 1
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Tod\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 64.99% Memory free
    8.18 Gb Paging File | 5.81 Gb Available in Paging File | 71.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.51 Gb Total Space | 700.80 Gb Free Space | 75.23% Space Free | Partition Type: NTFS
    Drive E: | 372.61 Gb Total Space | 354.69 Gb Free Space | 95.19% Space Free | Partition Type: NTFS
    Drive F: | 78.12 Gb Total Space | 37.99 Gb Free Space | 48.63% Space Free | Partition Type: NTFS
    Drive G: | 387.63 Gb Total Space | 380.06 Gb Free Space | 98.05% Space Free | Partition Type: NTFS
    Drive H: | 111.80 Gb Total Space | 111.49 Gb Free Space | 99.72% Space Free | Partition Type: NTFS

    Computer Name: MANNING-PC | User Name: Tod | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Tod\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe (Alcatel-Lucent)
    PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
    PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
    PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
    PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\Tod\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll ()
    MOD - C:\Users\Tod\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Users\Tod\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll ()
    MOD - C:\Users\Tod\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll ()
    MOD - C:\Users\Tod\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll ()
    MOD - C:\Users\Tod\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\ASUS\Six Engine\SixEngine.exe ()
    MOD - C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll ()
    MOD - C:\Windows\SysWOW64\AsIO.dll ()
    MOD - C:\Program Files\ASUS\Six Engine\pngio.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (ndassvc) -- C:\Program Files\NDAS\System\ndassvc.exe (XIMETA, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\hap17v2k.sys (Creative Technology Ltd)
    DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\hap16v2k.sys (Creative Technology Ltd)
    DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
    DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV:64bit: - (CTERFXFX.SYS) -- C:\Windows\SysNative\drivers\CTERFXFX.SYS (Creative Technology Ltd)
    DRV:64bit: - (CTERFXFX) -- C:\Windows\SysNative\drivers\CTERFXFX.SYS (Creative Technology Ltd)
    DRV:64bit: - (CTSBLFX.SYS) -- C:\Windows\SysNative\drivers\CTSBLFX.SYS (Creative Technology Ltd)
    DRV:64bit: - (CTSBLFX) -- C:\Windows\SysNative\drivers\CTSBLFX.SYS (Creative Technology Ltd)
    DRV:64bit: - (CTAUDFX.SYS) -- C:\Windows\SysNative\drivers\CTAUDFX.SYS (Creative Technology Ltd)
    DRV:64bit: - (CTAUDFX) -- C:\Windows\SysNative\drivers\CTAUDFX.SYS (Creative Technology Ltd)
    DRV:64bit: - (COMMONFX.SYS) -- C:\Windows\SysNative\drivers\COMMONFX.SYS (Creative Technology Ltd)
    DRV:64bit: - (COMMONFX) -- C:\Windows\SysNative\drivers\COMMONFX.SYS (Creative Technology Ltd)
    DRV:64bit: - (lfsfilt) -- C:\Windows\SysNative\DRIVERS\lfsfilt.sys (XIMETA, Inc.)
    DRV:64bit: - (lpx) -- C:\Windows\SysNative\DRIVERS\lpx6x.sys (XIMETA, Inc.)
    DRV:64bit: - (ndasbus) -- C:\Windows\SysNative\DRIVERS\ndasbus.sys (XIMETA, Inc.)
    DRV:64bit: - (ndasfat) -- C:\Windows\SysNative\DRIVERS\ndasfat.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (ndasfs) -- C:\Windows\SysNative\DRIVERS\ndasfs.sys (XIMETA, Inc.)
    DRV:64bit: - (ndasrofs) -- C:\Windows\SysNative\DRIVERS\ndasrofs.sys (XIMETA, Inc.)
    DRV:64bit: - (ndasscsi) -- C:\Windows\SysNative\DRIVERS\ndasscsi.sys (XIMETA, Inc.)
    DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (JRAID) -- C:\Windows\SysNative\DRIVERS\jraid.sys (JMicron Technology Corp.)
    DRV:64bit: - (SaiH0461) -- C:\Windows\SysNative\DRIVERS\SaiH0461.sys (Saitek)
    DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL (Creative Technology Ltd.)
    DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL (Creative Technology Ltd.)
    DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL (Creative Technology Ltd.)
    DRV:64bit: - (CTEDSPSY.DLL) -- C:\Windows\SysNative\CTEDSPSY.DLL (Creative Technology Ltd)
    DRV:64bit: - (CTEDSPIO.DLL) -- C:\Windows\SysNative\CTEDSPIO.DLL (Creative Technology Ltd)
    DRV:64bit: - (CTEDSPFX.DLL) -- C:\Windows\SysNative\CTEDSPFX.DLL (Creative Technology Ltd)
    DRV:64bit: - (CTEAPSFX.DLL) -- C:\Windows\SysNative\CTEAPSFX.DLL (Creative Technology Ltd)
    DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
    DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 5E 40 A0 9B 07 CC 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {5EEF6327-6F66-4C37-AF65-D435397B4B39}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{5EEF6327-6F66-4C37-AF65-D435397B4B39}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGHP_enCA417
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.mytelus.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tod\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tod\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/04/22 20:46:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/02 19:49:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/22 20:54:12 | 000,000,000 | ---D | M]

    [2011/03/17 22:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tod\AppData\Roaming\Mozilla\Extensions
    [2011/05/07 20:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\4kfxj1s5.default\extensions
    [2012/04/22 21:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/03/07 18:06:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/11 16:06:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/10/16 15:41:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGHP_enCA417
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tod\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Tod\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tod\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: avast! WebRep = C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
    CHR - Extension: Gmail = C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\McciTrayApp.exe (Alcatel-Lucent)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - Startup: C:\Users\Tod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pu...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02463494-57D4-4586-AD19-9F63FC6F579D}: DhcpNameServer = 192.168.1.254 75.153.176.9
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-tt2010 - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{ba0adc00-7474-11e0-8a07-0022154749fa}\Shell - "" = AutoRun
    O33 - MountPoints2\{ba0adc00-7474-11e0-8a07-0022154749fa}\Shell\AutoRun\command - "" = M:\laucher.exe
    O33 - MountPoints2\{ba0adc66-7474-11e0-8a07-0022154749fa}\Shell - "" = AutoRun
    O33 - MountPoints2\{ba0adc66-7474-11e0-8a07-0022154749fa}\Shell\AutoRun\command - "" = N:\LaunchU3.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/03 17:44:01 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Tod\Desktop\OTL.exe
    [2012/05/03 17:41:40 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Tod\Desktop\aswMBR.exe
    [2012/05/02 17:54:10 | 000,000,000 | ---D | C] -- C:\Users\Tod\AppData\Roaming\Malwarebytes
    [2012/05/02 17:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/05/02 17:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/05/02 17:53:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/05/02 17:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/05/02 17:41:55 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tod\Desktop\TFC.exe
    [2012/04/28 09:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TurboTax 2011
    [2012/04/23 16:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/04/23 16:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/04/23 16:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/04/23 16:18:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/04/22 22:59:39 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/04/22 22:59:38 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/04/22 22:59:36 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/04/22 22:59:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/04/22 22:59:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/04/22 22:59:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/04/22 22:59:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/04/22 22:59:35 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/04/22 22:59:34 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/04/22 22:59:34 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/04/22 22:59:33 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/04/22 22:43:36 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/04/22 22:43:26 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
    [2012/04/22 22:43:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
    [2012/04/22 22:43:25 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2012/04/22 22:22:16 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2012/04/22 22:22:16 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2012/04/22 22:22:16 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2012/04/22 22:22:15 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2012/04/22 22:22:15 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2012/04/22 22:22:12 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
    [2012/04/22 22:22:10 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
    [2012/04/22 22:22:10 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
    [2012/04/22 22:22:09 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2012/04/22 22:22:09 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2012/04/22 22:19:51 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2012/04/22 22:19:47 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
    [2012/04/22 22:19:46 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
    [2012/04/22 21:59:17 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2012/04/22 21:59:15 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2012/04/22 21:59:06 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2012/04/22 21:58:08 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
    [2012/04/22 21:58:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll
    [2012/04/22 21:58:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll
    [2012/04/22 21:58:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll
    [2012/04/22 21:58:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll
    [2012/04/22 21:51:06 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
    [2012/04/22 21:51:06 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
    [2012/04/22 20:46:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/05/03 18:02:15 | 000,000,512 | ---- | M] () -- C:\Users\Tod\Desktop\MBR.dat
    [2012/05/03 17:49:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/03 17:44:08 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Tod\Desktop\OTL.exe
    [2012/05/03 17:41:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tod\Desktop\aswMBR.exe
    [2012/05/03 17:39:38 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3513721917-566077972-59493417-1000UA.job
    [2012/05/03 17:39:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/03 16:18:12 | 000,035,184 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000004-20011102}.rfx
    [2012/05/03 16:18:12 | 000,035,184 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000004-20011102}.rfx
    [2012/05/03 16:18:12 | 000,029,508 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000001-00001102-00000004-20011102}.rfx
    [2012/05/03 16:18:12 | 000,029,508 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000004-20011102}.rfx
    [2012/05/03 16:18:12 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000004-20011102}.rfx
    [2012/05/03 15:37:33 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3513721917-566077972-59493417-1000Core.job
    [2012/05/03 15:33:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd2103d4777730.job
    [2012/05/03 15:33:39 | 000,002,070 | ---- | M] () -- C:\Users\Tod\Desktop\Google Chrome.lnk
    [2012/05/03 15:33:39 | 000,002,032 | ---- | M] () -- C:\Users\Tod\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/05/02 20:43:16 | 000,005,923 | ---- | M] () -- C:\Users\Tod\Desktop\Computer Desk.jpg
    [2012/05/02 20:18:28 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/02 20:18:28 | 000,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/02 18:24:39 | 000,716,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/05/02 18:24:39 | 000,616,582 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/05/02 18:24:39 | 000,113,838 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/05/02 18:17:57 | 4294,041,600 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/02 18:07:55 | 004,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000001-00001102-00000004-20011102}.CDF
    [2012/05/02 18:07:55 | 004,931,577 | ---- | M] () -- C:\Windows\{00000005-00000000-00000001-00001102-00000004-20011102}.BAK
    [2012/05/02 17:53:24 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/02 17:42:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Tod\Desktop\TFC.exe
    [2012/05/02 17:40:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/04/30 19:41:39 | 000,726,414 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/04/30 19:35:03 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/04/30 19:35:03 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
    [2012/04/28 10:10:41 | 000,392,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/04/28 09:17:26 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax Canada 2011.lnk
    [2012/04/23 16:19:55 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/04/23 16:14:12 | 000,001,006 | ---- | M] () -- C:\Users\Tod\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/04/22 21:03:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/05/03 18:02:15 | 000,000,512 | ---- | C] () -- C:\Users\Tod\Desktop\MBR.dat
    [2012/05/02 20:43:34 | 000,005,923 | ---- | C] () -- C:\Users\Tod\Desktop\Computer Desk.jpg
    [2012/05/02 17:53:24 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/28 09:17:26 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax Canada 2011.lnk
    [2012/04/23 16:19:55 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/04/22 20:47:39 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd2103d4777730.job
    [2011/10/15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/09/11 04:42:10 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011/09/11 04:42:10 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/06/01 16:26:46 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
    [2011/02/28 13:27:57 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/02/14 16:26:51 | 000,007,680 | ---- | C] () -- C:\Users\Tod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/03 18:45:18 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
    [2011/02/03 18:45:15 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2011/02/03 18:45:15 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2011/01/30 13:47:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011/01/30 11:44:53 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2011/01/30 11:44:24 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2011/01/30 11:43:43 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2011/01/30 11:43:43 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2011/01/30 10:34:33 | 000,029,698 | ---- | C] () -- C:\Windows\SysWow64\ck2ifpi.dll
    [2011/01/30 10:34:33 | 000,026,626 | ---- | C] () -- C:\Windows\SysWow64\kn2iwin.dll
    [2011/01/30 10:33:57 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2011/01/29 23:42:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/01/29 23:14:01 | 000,726,414 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/29 16:14:42 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2011/01/29 16:14:42 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2011/01/29 15:57:40 | 000,031,976 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2011/01/29 15:57:25 | 000,031,585 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2011/01/29 15:57:24 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
    [2011/01/29 15:46:49 | 000,000,732 | ---- | C] () -- C:\Users\Tod\AppData\Local\d3d9caps64.dat

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 152 bytes -> C:\Users\Tod\Desktop\greenest city grant.JPG:3or4kl4x13tuuug3Byamue2s4b

    < End of report >

  10. #10
    Member
    Join Date
    Sep 2008
    Posts
    37

    Default

    And here's the Extras.txt log:

    OTL Extras logfile created on: 03/05/2012 6:04:31 PM - Run 1
    OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Tod\Desktop
    64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 64.99% Memory free
    8.18 Gb Paging File | 5.81 Gb Available in Paging File | 71.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.51 Gb Total Space | 700.80 Gb Free Space | 75.23% Space Free | Partition Type: NTFS
    Drive E: | 372.61 Gb Total Space | 354.69 Gb Free Space | 95.19% Space Free | Partition Type: NTFS
    Drive F: | 78.12 Gb Total Space | 37.99 Gb Free Space | 48.63% Space Free | Partition Type: NTFS
    Drive G: | 387.63 Gb Total Space | 380.06 Gb Free Space | 98.05% Space Free | Partition Type: NTFS
    Drive H: | 111.80 Gb Total Space | 111.49 Gb Free Space | 99.72% Space Free | Partition Type: NTFS

    Computer Name: MANNING-PC | User Name: Tod | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 32 9E 2A CA AB C0 CB 01 [binary data]
    "VistaSp2" = 2B A9 ED F5 B1 C0 CB 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01FBDFE4-34B7-4A20-AC90-BDEE9FFF8F19}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{1661489A-34D0-459A-9DE2-B885A77B9B56}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1C09D338-2683-4168-B184-F46E3735AB57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{387E73C6-1B72-4AFD-81D7-587DDEF46117}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{611B8A4A-B59B-492E-84B9-B364DD2125C7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{84E47199-C6D8-42EF-A419-560D25D09634}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8921DE0C-D758-43F4-A33F-FC1F5EB1C94C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{977B7767-38A6-42D3-A878-47CE2E6D402C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{97E332A8-4140-4FBD-BD59-9B470CACB882}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{BE75B7A3-2E5E-4D2D-9D18-1A26A06FAC14}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{D0D65F4B-962C-431F-9ADA-D81AF93B6BB6}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E2250C08-B7A3-40FC-9C42-CE0842407699}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0165F1C0-BEE1-42FA-99E1-9D9766031475}" = protocol=6 | dir=out | app=system |
    "{01BED3D2-7676-4CBB-81E9-59B20677322C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{0B859050-3144-484C-A6F6-E04C3F64FC2B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{15161599-E111-43DC-BFA8-9320C433A5EF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{16D895B5-2CA4-4FDB-9B5A-ACF42E8DA6EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{1CBB89BD-41C2-4C45-B50F-169D64F87C0E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{3436F3FE-F3C0-4338-B018-533EDF568718}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{38696504-7503-476E-AF48-AF8134B7A6DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{43A3618B-60FD-482E-A36B-33D3A7D9299C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{45725C56-5D6E-4391-932A-0F54C9381F5C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{465760BE-322D-4E3F-A63C-92C1D36071A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{60B00138-72D2-4E11-AF66-D52C6E2A719D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{623C5105-86DA-48EB-B3EE-F698F66B614A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{8CBA50F5-6AD1-428A-91AF-3565C42C8E4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9147657C-FE67-4608-9513-6F19A153A5BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{94BC64AB-2DE7-40AC-9C6E-5ABA5F4571CB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{A041C9BB-D41F-430C-9F05-893C1C5B3042}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AE4BF0A2-A988-4B8B-A03E-2186B2F57D73}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{C87DB384-456B-482B-979A-B2EFE82DC06F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CB43EBE0-EF3B-47E4-94EB-A8E00A5D4F9F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CD122997-6417-421B-A19F-181BCE5C6E63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D204E908-A4BE-4194-A218-319F375C9106}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DDB8F937-3550-4196-91AA-E7B08704888F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DF81B047-9BB9-4DDE-AB0A-001903C4AC4E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{E0BCF83A-EDB5-4557-8257-64333521DD46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8335581-6DA9-46A9-9BCE-71E20FE961AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EB6C1DF8-2DC7-4009-A3F3-6919B10BD974}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EC771BD4-121A-4907-90EF-CF1DB51D36CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EEB93222-07AE-4DA7-901A-D4E600D38143}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F35A171F-816A-4514-B32C-80C219130C50}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{FCC7C2FD-95C9-4639-AD25-42AF8D7D2AE4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D06E205A-1BF7-48D5-BD7F-E072D0FD6A67}" = NDAS Software 3.72.2080
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "UltSounds" = Windows Sound Schemes
    "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = Six Engine
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = The Sims 2 Family Fun Stuff
    "{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = The Sims™ 2 IKEA® Home Stuff
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{85195381-0426-4715-8D25-E21B9457FC00}" = Ad-Aware
    "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = The Sims™ 2 FreeTime
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6F5B704-06D3-4687-90F3-6195304AD755}" = The Sims™ 2 Apartment Life
    "{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}" = The Sims™ 2 Double Deluxe
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "AudioConSole" = Creative Audio Console
    "AudioCS" = Creative Audio Console
    "avast" = avast! Free Antivirus
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "EADM" = EA Download Manager
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "OpenAL" = OpenAL
    "Q-Xpress Installer" = Q-Xpress Installer 1.1.9
    "RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
    "SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
    "TELUS" = TELUS Support Centre
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 (32-bit)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 20/02/2012 5:31:30 PM | Computer Name = Manning-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5731134

    Error - 20/02/2012 5:31:30 PM | Computer Name = Manning-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5731134

    Error - 20/02/2012 5:31:31 PM | Computer Name = Manning-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 20/02/2012 5:31:31 PM | Computer Name = Manning-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5732132

    Error - 20/02/2012 5:31:31 PM | Computer Name = Manning-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5732132

    Error - 20/02/2012 5:31:32 PM | Computer Name = Manning-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 20/02/2012 5:31:32 PM | Computer Name = Manning-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5733162

    Error - 20/02/2012 5:31:32 PM | Computer Name = Manning-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5733162

    Error - 20/02/2012 8:25:23 PM | Computer Name = Manning-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 20/02/2012 8:25:23 PM | Computer Name = Manning-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1014

    [ Media Center Events ]
    Error - 04/02/2011 5:11:43 PM | Computer Name = Manning-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 04/02/2011 5:16:43 PM | Computer Name = Manning-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 04/02/2011 5:21:43 PM | Computer Name = Manning-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 04/02/2011 5:26:43 PM | Computer Name = Manning-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 04/02/2011 5:31:43 PM | Computer Name = Manning-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 04/02/2011 5:36:43 PM | Computer Name = Manning-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 04/02/2011 5:41:43 PM | Computer Name = Manning-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 04/02/2011 5:46:43 PM | Computer Name = Manning-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 04/02/2011 5:51:43 PM | Computer Name = Manning-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    Error - 04/02/2011 5:56:43 PM | Computer Name = Manning-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    [ OSession Events ]
    Error - 01/02/2011 10:04:27 PM | Computer Name = Manning-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 39876
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 30/04/2012 11:23:24 PM | Computer Name = Manning-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 01/05/2012 10:14:37 PM | Computer Name = Manning-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 02/05/2012 8:04:34 PM | Computer Name = Manning-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 02/05/2012 8:32:21 PM | Computer Name = Manning-PC | Source = Microsoft Antimalware | ID = 3002
    Description =

    Error - 02/05/2012 8:43:50 PM | Computer Name = Manning-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 02/05/2012 8:43:51 PM | Computer Name = Manning-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 02/05/2012 8:51:38 PM | Computer Name = Manning-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 02/05/2012 8:51:38 PM | Computer Name = Manning-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 02/05/2012 8:51:38 PM | Computer Name = Manning-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 02/05/2012 9:18:43 PM | Computer Name = Manning-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •