Blue Screen, Firefox crash, -- The nicest hobby on Earth ;) -- re


#1 airamx

Posted 12 January 2012 - 06:55 AM

Hello,
System: Windows Vista
Antivirus: Norton Internet Security - when scanning it shows that everything is OK, but obviously even I can see that it certainly is not.

As in the topic, it all started with a crash of Firefox, which we have been unable to reinstall ever since. Then we started getting blue screens quite often, especially when running Flash-based websites like YouTube. Recently we have been getting -- The nicest hobby on Earth ;) -- related websites when opening our browsers (we use Internet Explorer and Google Chrome).

Here are the logs:

MBAM LOG:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.12.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
M :: M-PC [administrator]

12/01/2012 12:50:14 AM
mbam-log-2012-01-12 (00-50-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 171153
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Users\M\AppData\Roaming\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\ErrorSmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\ErrorSmart\Registry Backups (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Windows\Tasks\ErrorSmart Scheduled Scan.job (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\ErrorSmart\Log\2008 Mar 09 - 01_24_29 PM_725.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\ErrorSmart\Log\2008 Mar 09 - 01_24_33 PM_904.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\M\AppData\Roaming\ErrorSmart\Registry Backups\2008-03-09_13-30-41.reg (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

(end)



OTL LOG:

OTL logfile created on: 12/01/2012 1:33:16 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\M\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 49.19% Memory free
3.25 Gb Paging File | 2.47 Gb Available in Paging File | 76.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 10.75 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Drive D: | 2.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: M-PC | User Name: M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2012/01/12 01:26:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\M\Desktop\OTL.exe
PRC - [2011/11/12 12:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/08/03 23:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2010/12/13 13:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 01:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/03/09 15:28:02 | 000,598,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/14 09:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 09:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/08/30 16:25:44 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2007/02/02 11:05:12 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (GoToAssist)
SRV - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/08/03 23:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/12/13 13:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20111223.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/12 11:18:10 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV - [2011/11/09 02:14:38 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/11/09 02:14:37 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/22 23:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20120111.003\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/21 21:53:36 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/08/21 21:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/03 23:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys -- (ccHP)
DRV - [2011/08/03 21:00:13 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20120111.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 21:00:13 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20120111.018\NAVENG.SYS -- (NAVENG)
DRV - [2010/12/02 22:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/05/12 15:26:34 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1109000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1109000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS -- (SymDS)
DRV - [2008/07/05 19:02:27 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/07/05 19:02:26 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/03/27 07:14:08 | 000,116,992 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mr97310c.sys -- (mr97310c)
DRV - [2008/03/25 20:15:30 | 004,137,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2007/02/01 23:50:12 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\siwinacc.sys -- (SiFilter)
DRV - [2007/02/01 23:50:10 | 000,110,128 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\si3112r.sys -- (SI3112r)
DRV - [2006/11/02 03:55:09 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/10/13 22:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2005/04/13 12:34:02 | 000,414,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005/04/13 12:32:42 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2005/01/31 10:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 10:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\M\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\M\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\M\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2011/07/28 16:18:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6 [2012/01/12 01:15:44 | 000,000,000 | ---D | M]

[2008/09/04 15:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M\AppData\Roaming\Mozilla\Extensions
[2011/03/23 20:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M\AppData\Roaming\Mozilla\Firefox\Profiles\vf4yhg88.default\extensions
[2010/06/27 07:50:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\M\AppData\Roaming\Mozilla\Firefox\Profiles\vf4yhg88.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/10 11:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/26 08:05:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/27 20:45:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/22 19:00:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 22:38:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 08:56:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/30 17:48:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/28 16:18:08 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPLGN
[2009/03/31 21:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\M\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\M\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\M\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\M\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44588B40-B20D-43E4-9681-6514364CECCE}: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F513A535-97C5-4BE6-9C10-C444CAEF3AD7}: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une soci?t? en nom collectif.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\M\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\M\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/09/19 03:10:02 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O32 - AutoRun File - [2007/09/19 01:58:55 | 000,582,656 | R--- | M] (Nival Interactive) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007/09/19 01:58:54 | 000,302,430 | R--- | M] () - D:\AutoRun.ico -- [ UDF ]
O32 - AutoRun File - [2007/09/19 01:58:53 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{b4e74a24-b57e-11db-8340-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b4e74a24-b57e-11db-8340-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007/09/19 01:58:55 | 000,582,656 | R--- | M] (Nival Interactive)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 360 Days ==========

[2012/01/12 01:26:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\M\Desktop\OTL.exe
[2012/01/12 01:09:11 | 000,000,000 | ---D | C] -- C:\Users\M\Desktop\Usuwanie wirusow
[2012/01/12 00:49:24 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Roaming\Malwarebytes
[2012/01/12 00:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/12 00:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/12 00:49:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/12 00:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/11 07:18:50 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/11 07:18:46 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/11 07:18:44 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 07:18:38 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 07:18:38 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/03 21:31:19 | 000,000,000 | ---D | C] -- C:\Users\M\Documents\My Digital Editions
[2012/01/03 16:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/03 16:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/03 16:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/01 20:52:49 | 000,000,000 | ---D | C] -- C:\Users\M\Documents\My Media
[2012/01/01 20:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive Media Console
[2012/01/01 20:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\OverDrive Media Console
[2012/01/01 20:34:40 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2012/01/01 20:34:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/01/01 20:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/01 20:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/01 20:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/01 20:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/01/01 20:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/12/26 13:10:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LeapFrog
[2011/12/24 23:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/12/24 23:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
[2011/12/24 23:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2011/12/24 23:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2011/12/13 20:02:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/13 20:02:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/13 20:02:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/13 20:02:50 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/13 20:02:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/13 20:02:45 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/13 18:08:22 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/13 18:08:18 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/13 18:08:17 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/13 18:08:15 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/13 18:08:15 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/13 18:08:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/07 14:10:53 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/12 11:18:10 | 000,033,792 | ---- | C] (Belcarra Technologies) -- C:\Windows\System32\drivers\btblan.sys
[2011/11/10 18:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/09 06:35:19 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Local\Solid State Networks
[2011/10/30 10:42:04 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/10/23 20:00:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/23 20:00:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/23 20:00:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/12 02:56:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/12 02:56:13 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/12 02:56:13 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/12 02:56:12 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/12 02:55:55 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/12 02:55:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/09/26 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\M\Desktop\Resume
[2011/08/30 23:05:04 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/08/30 23:05:04 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/08/30 23:05:04 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/08/30 23:05:04 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll
[2011/08/18 18:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/08/02 17:38:56 | 004,517,664 | ---- | C] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2011/06/06 18:40:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/06/06 18:40:29 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/06/06 18:40:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/06/06 18:40:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/06/06 18:40:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/06/06 18:40:27 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/06 18:40:26 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/06/06 18:40:26 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/06 18:40:26 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/06 18:40:26 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/06/06 18:40:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/06/06 18:40:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/06 18:40:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/06 18:40:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/06 18:40:25 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/06 18:40:25 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/06/06 18:40:25 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/06/06 18:40:25 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/06 18:40:24 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/06 18:40:24 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/06/06 18:40:23 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/06/06 18:40:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/06/06 18:40:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/06 18:40:23 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/06/06 18:40:23 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/06/06 18:40:22 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/06 18:40:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/06/06 18:40:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/06 18:40:22 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/06/06 18:40:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/06 18:40:21 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/22 22:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2011/05/22 22:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2011/05/17 07:55:18 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/11 19:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/04/29 20:43:31 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Roaming\Unity
[2011/04/29 20:40:18 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Local\Unity
[2011/04/27 15:31:26 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 15:31:25 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 15:31:19 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/13 14:25:39 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/13 14:25:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/13 14:25:35 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/13 14:25:29 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/13 14:25:29 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/03/31 12:45:37 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/03/26 22:10:07 | 000,000,000 | ---D | C] -- C:\Users\M\Documents\TurboTax
[2011/03/26 19:37:53 | 000,000,000 | ---D | C] -- C:\Users\M\Desktop\Taxes 2010
[2011/03/26 19:29:37 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Roaming\Intuit Canada
[2011/03/26 19:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax
[2011/03/26 19:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2011/03/26 19:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax 2010
[2011/03/26 19:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Intuit Canada
[2011/03/26 19:13:22 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Roaming\Registry Mechanic
[2011/03/26 07:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/03/23 05:57:06 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/23 05:57:06 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/08 19:00:00 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/08 19:00:00 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/08 19:00:00 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/02/24 20:05:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/24 20:02:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/02/24 20:01:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/02/24 20:01:45 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/02/24 20:01:45 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/02/24 20:01:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/02/24 20:01:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/02/24 20:01:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/02/24 20:01:40 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/02/24 20:01:40 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/02/24 20:01:40 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/02/24 20:01:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/02/24 20:01:30 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/02/24 20:01:30 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/02/24 20:01:30 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/02/24 20:01:29 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/02/24 20:01:29 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/02/09 20:20:28 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 20:20:24 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/09 20:20:24 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 20:20:23 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 20:20:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/09 20:20:21 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/09 20:20:20 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/09 20:20:20 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/09 20:20:19 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/09 20:20:18 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/09 20:20:18 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 20:20:17 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/09 20:20:16 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/09 20:20:16 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 20:20:15 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/09 20:20:15 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/09 20:20:15 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/09 20:20:14 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/09 20:20:10 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/09 20:20:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/09 20:20:09 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/01/31 13:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/01/31 13:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/01/31 13:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro

========== Files - Modified Within 360 Days ==========

[2012/01/12 01:26:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\M\Desktop\OTL.exe
[2012/01/12 01:21:16 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/12 01:21:16 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/12 01:15:05 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 01:15:05 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 01:14:57 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 01:14:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/12 01:04:04 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/11 20:00:43 | 002,464,406 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1109000.00C\Cat.DB
[2012/01/11 18:14:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4225447446-516854672-1412280890-1000UA.job
[2012/01/11 14:14:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4225447446-516854672-1412280890-1000Core.job
[2012/01/09 23:48:22 | 000,002,633 | ---- | M] () -- C:\Users\M\Desktop\Microsoft Office Outlook 2007.lnk
[2012/01/09 23:48:17 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - M.job
[2012/01/07 02:35:10 | 000,001,984 | ---- | M] () -- C:\Users\M\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/07 02:35:08 | 000,002,022 | ---- | M] () -- C:\Users\M\Desktop\Google Chrome.lnk
[2012/01/06 09:58:32 | 000,008,160 | ---- | M] () -- C:\Users\M\AppData\Local\d3d9caps.dat
[2012/01/06 01:21:12 | 000,000,938 | ---- | M] () -- C:\Users\M\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/01/04 18:34:26 | 000,520,634 | ---- | M] () -- C:\Users\M\Desktop\leapfrog rachunek.pdf
[2012/01/03 16:18:35 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/01 20:49:39 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk
[2011/12/24 23:55:32 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2011/12/21 17:41:24 | 000,099,840 | ---- | M] () -- C:\Users\M\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/13 20:27:17 | 000,390,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/25 10:59:48 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/18 12:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2011/11/15 23:24:42 | 001,153,579 | ---- | M] () -- C:\Users\M\Documents\Flyer.pdf
[2011/11/13 13:42:34 | 000,047,787 | ---- | M] () -- C:\Users\M\great west life.pdf
[2011/11/12 11:18:10 | 000,033,792 | ---- | M] (Belcarra Technologies) -- C:\Windows\System32\drivers\btblan.sys
[2011/11/08 09:42:19 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/11/03 17:47:42 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/11/03 17:40:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/11/03 17:38:58 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/11/03 17:37:27 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/11/03 17:31:57 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/11/03 17:28:58 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/27 03:01:53 | 003,602,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/10/27 03:01:53 | 003,550,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/10/25 10:56:04 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/10/25 04:17:49 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/10/14 11:00:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2011/10/12 19:31:30 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/10/03 04:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/03 04:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/03 04:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/03 04:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/10/01 21:32:03 | 000,000,505 | ---- | M] () -- C:\Users\M\Desktop\New Adobe Photoshop Image.psd - Shortcut.lnk
[2011/09/19 17:59:44 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1109000.00C\isolate.ini
[2011/09/14 09:41:53 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/08/30 23:05:04 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll
[2011/08/30 23:05:04 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe
[2011/08/30 23:05:04 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
[2011/08/30 23:05:04 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll
[2011/08/25 11:15:04 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/08/25 08:31:01 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/08/21 21:53:36 | 000,340,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1109000.00C\symtdiv.sys
[2011/08/21 21:53:36 | 000,001,473 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1109000.00C\symnetv.inf
[2011/08/21 21:53:36 | 000,001,445 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1109000.00C\symnet.inf
[2011/08/21 21:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1109000.00C\symefa.sys
[2011/08/21 21:53:35 | 000,003,373 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1109000.00C\symefa.inf
[2011/08/21 21:53:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1109000.00C\symefa.cat
[2011/08/18 18:55:03 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/08/03 23:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1109000.00C\cchpx86.sys
[2011/08/02 17:38:56 | 004,517,664 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\usbaaplrc.dll
[2011/07/29 11:01:34 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/07/29 11:01:33 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/07/29 11:00:14 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/07/29 11:00:05 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/07/28 18:04:32 | 000,007,448 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1109000.00C\cchpx86.cat
[2011/07/11 16:09:12 | 000,001,754 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1109000.00C\cchpx86.inf
[2011/06/06 18:47:38 | 000,000,943 | ---- | M] () -- C:\Users\M\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/06 18:40:47 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/06/06 18:40:47 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/06/06 18:40:30 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/06/06 18:40:29 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/06/06 18:40:28 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/06/06 18:40:28 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/06/06 18:40:28 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/06/06 18:40:27 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/06 18:40:26 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/06/06 18:40:26 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/06 18:40:26 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/06 18:40:26 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/06/06 18:40:26 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/06/06 18:40:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/06 18:40:26 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/06 18:40:26 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/06/06 18:40:26 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/06 18:40:25 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/06 18:40:25 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/06/06 18:40:25 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/06/06 18:40:25 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/06 18:40:24 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/06 18:40:24 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/06/06 18:40:23 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/06/06 18:40:23 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/06/06 18:40:23 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/06 18:40:23 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/06/06 18:40:23 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/06/06 18:40:22 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/06 18:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/06/06 18:40:22 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/06 18:40:22 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/06/06 18:40:22 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/06 18:40:21 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/22 22:46:11 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2011/03/26 19:28:45 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax Canada 2010.lnk
[2011/03/12 16:55:52 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/10 12:03:51 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/03/10 12:03:51 | 001,136,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/03/03 10:40:13 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/03/03 08:35:36 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/02/22 09:13:01 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/22 08:33:12 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/16 11:16:37 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/16 09:02:23 | 000,292,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/01/31 13:30:17 | 000,002,056 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Keyboard.lnk
[2011/01/20 11:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/01/20 11:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/01/20 11:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/01/20 11:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/01/20 11:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/01/20 11:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/01/20 11:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/01/20 11:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/01/20 11:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/01/20 11:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/01/20 09:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/01/20 09:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/01/20 09:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/01/20 09:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/01/20 09:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/01/20 09:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/01/20 09:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/01/20 09:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/01/20 09:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/01/20 09:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/01/20 08:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

========== Files Created - No Company Name ==========

[2012/01/04 18:34:13 | 000,520,634 | ---- | C] () -- C:\Users\M\Desktop\leapfrog rachunek.pdf
[2012/01/03 21:35:53 | 000,001,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/01/03 16:18:34 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/01 20:49:39 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk
[2012/01/01 20:31:46 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/24 23:55:31 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2011/12/07 14:11:02 | 000,001,984 | ---- | C] () -- C:\Users\M\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/07 14:11:01 | 000,002,022 | ---- | C] () -- C:\Users\M\Desktop\Google Chrome.lnk
[2011/12/07 14:09:21 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4225447446-516854672-1412280890-1000UA.job
[2011/12/07 14:09:20 | 000,000,840 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4225447446-516854672-1412280890-1000Core.job
[2011/11/15 23:24:42 | 001,153,579 | ---- | C] () -- C:\Users\M\Documents\Flyer.pdf
[2011/11/13 13:42:33 | 000,047,787 | ---- | C] () -- C:\Users\M\great west life.pdf
[2011/10/01 21:32:02 | 000,000,505 | ---- | C] () -- C:\Users\M\Desktop\New Adobe Photoshop Image.psd - Shortcut.lnk
[2011/09/14 09:40:50 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/09/14 09:40:50 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/08/18 18:55:03 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/06/06 18:47:37 | 000,000,949 | ---- | C] () -- C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/06/06 18:40:26 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/22 22:46:10 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2011/03/26 19:28:43 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax Canada 2010.lnk
[2011/02/24 20:01:33 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 20:01:33 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 20:01:33 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/01/31 13:30:17 | 000,002,056 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Keyboard.lnk
[2009/10/20 16:42:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 16:42:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/10/31 09:22:17 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2008/09/16 21:28:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/15 20:54:22 | 000,008,160 | ---- | C] () -- C:\Users\M\AppData\Local\d3d9caps.dat
[2008/09/11 19:00:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/19 21:06:35 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/08/19 21:06:34 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/07/05 19:02:27 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008/07/05 19:02:26 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008/05/30 10:06:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/12/16 20:02:28 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2007/12/09 21:25:15 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007/08/17 20:19:39 | 000,000,406 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/08/17 20:16:06 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2007/06/05 18:47:13 | 000,000,048 | ---- | C] () -- C:\Windows\KPCMS.INI
[2007/06/05 18:47:12 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2007/04/04 19:49:19 | 000,011,376 | ---- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
[2007/03/30 22:05:16 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf06a.dat
[2007/03/30 22:03:07 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2007/03/30 21:12:58 | 000,000,268 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2007/03/30 21:12:58 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2007/03/30 21:01:22 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2007/03/30 21:01:22 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2007/03/18 18:53:49 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/03/18 18:53:49 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/03/18 18:53:49 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/02/25 21:00:59 | 000,000,042 | ---- | C] () -- C:\Windows\PCSPATS.DAT
[2007/02/06 21:04:23 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll
[2007/02/06 21:04:23 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2007/02/06 06:41:06 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2007/02/05 23:15:27 | 000,099,840 | ---- | C] () -- C:\Users\M\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/06 18:49:36 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,390,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:55:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\usbcir.sys
[2006/11/02 03:40:55 | 000,073,216 | ---- | C] () -- C:\Windows\System32\TaskSchdPS.dll
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:36:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\sisraid4.sys
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/18 01:53:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2006/07/31 10:27:30 | 000,026,626 | ---- | C] () -- C:\Windows\System32\knvep32.dll
[2005/08/02 17:03:51 | 000,224,768 | ---- | C] () -- C:\Windows\System32\b4fm.dll
[2005/01/31 08:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2007/12/09 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\M\AppData\Roaming\eMule
[2009/11/25 21:23:58 | 000,000,000 | ---D | M] -- C:\Users\M\AppData\Roaming\IngermansonCommunications
[2007/02/10 08:37:42 | 000,000,000 | ---D | M] -- C:\Users\M\AppData\Roaming\InternetCalls
[2009/03/23 21:16:15 | 000,000,000 | ---D | M] -- C:\Users\M\AppData\Roaming\OverDrive
[2011/03/26 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\M\AppData\Roaming\Registry Mechanic
[2011/04/29 20:43:31 | 000,000,000 | ---D | M] -- C:\Users\M\AppData\Roaming\Unity
[2009/01/09 17:09:28 | 000,000,000 | ---D | M] -- C:\Users\M\AppData\Roaming\uTorrent
[2012/01/12 01:12:44 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


EXTRAS LOG:

OTL Extras logfile created on: 12/01/2012 1:33:16 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\M\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.50 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 49.19% Memory free
3.25 Gb Paging File | 2.47 Gb Available in Paging File | 76.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 10.75 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
Drive D: | 2.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: M-PC | User Name: M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EB9826-900D-455B-8B34-DD939CE0BBD1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{242FD262-AB30-4EB5-8E6F-601E620D5432}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4D1BF3F4-3BD2-40B9-A346-BC7130904641}" = lport=139 | protocol=6 | dir=in | app=system |
"{503E0AC6-63D5-499C-93F3-D7269FB0CF2C}" = lport=445 | protocol=6 | dir=in | app=system |
"{5D4CAE75-AA7F-4637-8958-3F1BCB37E66F}" = lport=137 | protocol=17 | dir=in | app=system |
"{84A2FF28-DEF0-4478-A637-25622C7F8322}" = rport=139 | protocol=6 | dir=out | app=system |
"{A6E84672-2300-4ACE-8EDC-E95C1DC10718}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B201C60D-CB7C-4216-91D1-220DFEA42CC1}" = lport=138 | protocol=17 | dir=in | app=system |
"{C5A655CF-D145-41E6-9EBA-D51AF39610B5}" = rport=137 | protocol=17 | dir=out | app=system |
"{D28155AF-2F3D-4974-B37E-9CCAD5D716F4}" = rport=445 | protocol=6 | dir=out | app=system |
"{DF0D0938-AED0-432A-9F60-F0B5F4F0EAFC}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{070012E2-240A-445D-8E85-2F6B639BFEA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0C0C43DE-4FC9-48E6-94EE-942037136331}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{367E9DE8-AA15-49EE-813C-BCD6B61AED08}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{3CE07805-EF4F-46A7-B2F6-D314F74B9067}" = protocol=17 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe |
"{59F33AEB-D1CA-4FAA-93BD-80FEF57770D7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5F23B903-4A9D-44F3-A4D3-9185CB042B5E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{64F322B4-CBF1-4DE6-9D16-6EE3E5E23600}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{6C689925-F13F-4FCD-AA53-122E033EECFD}" = protocol=6 | dir=in | app=c:\program files\internetcalls.com\internetcalls\internetcalls.exe |
"{6E007EAD-E3F5-4DE5-83DA-D02DC8DD50B2}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{70744256-EF03-4D35-BFFF-7069FCB50250}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{80AD5F9A-DF1D-418B-8CA5-9D81846C337E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{81CA0CFD-B73D-4E34-9D12-64B5E8FDFA81}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8294D28D-1068-4ADA-AF1A-B58FDF8B92E5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{85B33EE0-3EFF-4257-BD2B-E5B39789B0B2}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{8C5B7E24-1DEC-4873-9B27-39FA52E791C2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9BC760EA-7364-404E-A8C8-FF6D6FF52711}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0EE3260-F723-415F-8B4D-BBF76BC7CDC5}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{B72B191F-2626-4A32-AA1C-24D6EE1F8ECE}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{D4A2E52C-C8FA-4FC3-B254-508A3C2A42DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D6C36BBF-DFF3-4560-8F98-FE173F8808BC}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{E04BDD0A-7BF4-48AF-BCB2-B3DEECBCBC50}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{ECE839F4-D1F9-4F8E-A07F-4332DC1E81E1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ED349F76-3C2F-471E-8119-3E5F0637F199}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{EEDF466D-C438-4553-870B-A5C396C856F9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F99CAB53-7398-4A8B-BAE6-E0ECD31E1D44}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FC21E644-46C7-4729-B498-E362088FD82C}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05B3273E-4926-4663-8274-F8989431063C}" = PCStitch Pro
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29
"{28101984-0BA6-40FD-9ABE-72F62F80C06C}" = Heroes of Might and Magic V
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4272516D-0E81-48EF-AB66-7F6E28B4A615}" = Heroes of Might & Magic V: Hammers of Fate
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype? 5.5
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
"{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0.1 CE" = Adobe Photoshop 6.0.1 CE
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Battle.net" = Battle.net
"CCleaner" = CCleaner
"Corel Applications" = Corel Applications
"Digital Editions" = Adobe Digital Editions
"ENTERPRISE" = Microsoft Office Enterprise 2007
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"NIS" = Norton Internet Security
"PrimoPDF3.1" = PrimoPDF
"Sierra Utilities" = Sierra Utilities
"Sudden Strike" = Sudden Strike
"Sudden Strike - Additional Missions" = Sudden Strike - Additional Missions
"Total Annihilation" = Total Annihilation
"UPCShell" = LeapFrog Connect
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SnowflakePro 1_0_3" = SnowflakePro 1.0.3
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/01/2012 6:34:31 PM | Computer Name = M-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2297

Error - 10/01/2012 6:34:31 PM | Computer Name = M-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2297

Error - 10/01/2012 6:34:33 PM | Computer Name = M-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/01/2012 6:34:33 PM | Computer Name = M-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5469

Error - 10/01/2012 6:34:33 PM | Computer Name = M-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5469

Error - 11/01/2012 8:13:10 AM | Computer Name = M-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: bdc Start Time: 01ccd057327a5da5 Termination Time: 266

Error - 11/01/2012 8:14:58 AM | Computer Name = M-PC | Source = Application Error | ID = 1000
Description = Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp
0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
exception code 0xe0434f4d, fault offset 0x0003fc56, process id 0xaa8, application
start time 0x01ccd0585818ed78.

Error - 12/01/2012 1:37:00 AM | Computer Name = M-PC | Source = Application Error | ID = 1000
Description = Faulting application Skype.exe, version 5.5.0.124, time stamp 0x4e96a02b,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x0003dd6d, process id 0xf98, application start time
0x01ccd0ebd4136442.

Error - 12/01/2012 1:46:16 AM | Computer Name = M-PC | Source = Application Error | ID = 1000
Description = Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp
0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
exception code 0xe0434f4d, fault offset 0x0003fc56, process id 0xd20, application
start time 0x01ccd0ecf73f4859.

Error - 12/01/2012 2:32:43 AM | Computer Name = M-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: dfc Start Time: 01ccd0f352b7180a Termination Time: 78

[ Media Center Events ]
Error - 07/12/2007 2:44:31 PM | Computer Name = M-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 16/04/2008 12:41:13 AM | Computer Name = M-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 14/05/2008 5:38:59 PM | Computer Name = M-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 19/01/2009 10:46:34 PM | Computer Name = M-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 21/01/2009 10:40:31 PM | Computer Name = M-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 08/08/2008 1:00:59 PM | Computer Name = M-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 230
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/01/2012 9:51:17 AM | Computer Name = M-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/01/2012 9:51:21 AM | Computer Name = M-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/01/2012 2:30:26 PM | Computer Name = M-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/01/2012 2:35:01 PM | Computer Name = M-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/01/2012 2:48:52 PM | Computer Name = M-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/01/2012 2:52:01 PM | Computer Name = M-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 11/01/2012 3:02:22 PM | Computer Name = M-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 12/01/2012 1:33:11 AM | Computer Name = M-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/01/2012 2:11:34 AM | Computer Name = M-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 12/01/2012 2:15:38 AM | Computer Name = M-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

CHECKUP LOG:

Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java™ 6 Update 29
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 7
Java version out of date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````



Thank you for taking your time to help.

#2 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 15,864 posts

Posted 12 January 2012 - 09:25 PM

The OTL log shows a bad block on the Hard Disk that needs to be resolved before we go further.

First step, make sure you have all pertinent data backed up, just in case.

Then you need to run chkdsk in repair mode.

From the desktop...

Start -> Run -> chkdsk c: /r (then press enter)

Chkdsk will run and advise that it cannot continue since this is the boot drive (or wording similar to that). It will ask if you want to run it at next boot. Answer "Y", then reboot your computer if chkdsk does not.

Once it's finished, it will restart your computer and you will be back in Windows.

I want you to post the chkdsk logs in this thread. Here's how to get them...

In Vista, open the Control Panel, double click on "Administrative Tools", double click on the "Event Viewer" icon, toggle the triangle next to "Windows Logs" if necessary, then click on "Application". In the "Source" column, look for the "Chkdsk" item. Double click it and you should see the results of your Chkdsk.



Finally, your version of NIS is two versions old. Current is 19.2.0.10. Assuming you have paid for a subscription to keep your definitions current, is there any reason you have not upgraded to the most current version? It's my understanding that current versions are included in the subscription price. I know it was true for me going to NIS 2012.



#3 airamx

airamx

    Active Member

  • Active Members
  • 19 posts

Posted 13 January 2012 - 05:56 AM

When running chkdsk c: /r I get a DOS-looking window for about 2 seconds and then it disappears. I never get to make any selection in regards to rebooting the system and never get any comments from chkdsk, although I did restart the computer and went to Event Viewer, and there is nothing called chkdsk in the source column. Please advise.
Our NIS subscription is good until May 2013 (paid for two years in advance), we never upgraded it simply because I naively thought that it should tell me that the newer version is available (as I remembered it doing previously).
I have upgraded my NIS to 2012 now. Please advise on how to proceed. Thank you.



Maria

Edited by airamx, 13 January 2012 - 02:20 PM.


#4 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 15,864 posts

Posted 13 January 2012 - 04:23 PM

Sorry for the goofed chkdsk instructions.

You need to open a command Window first.

Start -> Run -> cmd (press 'Enter')

At the prompt enter..

chkdsk c: /r (press 'Enter')

Then as before

#5 airamx

airamx

    Active Member

  • Active Members
  • 19 posts

Posted 13 January 2012 - 08:06 PM

After putting the command in I get a reply saying: Access denied as you do not have sufficient privileges. You have to invoke this utility running in elevated mode.

#6 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 15,864 posts

Posted 13 January 2012 - 10:43 PM

Try

Start -> All Programs -> Accessories -> right click on Command Prompt -> select 'Run as Administrator'


You will find this, and other methods here:
http://www.winhelpon...dows-Vista.html

#7 airamx

airamx

    Active Member

  • Active Members
  • 19 posts

Posted 14 January 2012 - 07:24 AM

Could not find chkdsk in the source column, but when I used the find feature I got this log (hope it is the right one, as it's timed at the time the computer was performing this task):

+ System

- Provider

[ Name] Microsoft-Windows-Wininit
[ Guid] {206f6dea-d3c5-4d10-bc72-989f03c8b84b}
[ EventSourceName] Wininit

- EventID 1001

[ Qualifiers] 16384

Version 0

Level 4

Task 0

Opcode 0

Keywords 0x80000000000000

- TimeCreated

[ SystemTime] 2012-01-14T08:11:11.000Z

EventRecordID 117115

Correlation

- Execution

[ ProcessID] 0
[ ThreadID] 0

Channel Application

Computer M-PC

Security


- EventData

Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. 174336 file records processed. 1505 large file records processed. 0 bad file records processed. 0 EA records processed. 60 reparse records processed. 225518 index entries processed. 0 unindexed files processed. 174336 security descriptors processed. Cleaning up 206 unused index entries from index $SII of file 0x9. Cleaning up 206 unused index entries from index $SDH of file 0x9. Cleaning up 206 unused security descriptors. 25592 data files processed. CHKDSK is verifying Usn Journal... 105183432 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... Windows replaced bad clusters in file 10929 of name \SYSTEM~1\_RESTO~1\RP566\A0169128.mst. Windows replaced bad clusters in file 13272 of name \SYSTEM~1\_RESTO~1\RP566\A0169177.old. Windows replaced bad clusters in file 13305 of name \SYSTEM~1\_RESTO~1\RP566\A0169022.cfg. Windows replaced bad clusters in file 15934 of name \SYSTEM~1\_RESTO~1\RP566\A0169174.PNF. Windows replaced bad clusters in file 16006 of name \SYSTEM~1\_RESTO~1\RP566\A0169181.inf. Windows replaced bad clusters in file 16007 of name \SYSTEM~1\_RESTO~1\RP566\A0169182.PNF. Windows replaced bad clusters in file 16013 of name \SYSTEM~1\_RESTO~1\RP566\A0169175.PNF. Windows replaced bad clusters in file 16024 of name \SYSTEM~1\_RESTO~1\RP566\A0169140.cfg. Windows replaced bad clusters in file 16025 of name \SYSTEM~1\_RESTO~1\RP566\A0169141.dll. Windows replaced bad clusters in file 16027 of name \SYSTEM~1\_RESTO~1\RP566\A0169142.dll. Windows replaced bad clusters in file 17233 of name \SYSTEM~1\_RESTO~1\RP566\A01690~1.PRO. Windows replaced bad clusters in file 18463 of name \SYSTEM~1\_RESTO~1\RP566\A0169166.exe. Windows replaced bad clusters in file 19013 of name \SYSTEM~1\_RESTO~1\RP566\A0169165.exe. 
Windows replaced bad clusters in file 19015 of name \SYSTEM~1\_RESTO~1\RP566\A0169163.dll. Windows replaced bad clusters in file 19017 of name \SYSTEM~1\_RESTO~1\RP566\A0169164.dll. Windows replaced bad clusters in file 19159 of name \SYSTEM~1\_RESTO~1\RP566\A0169130.dll. Windows replaced bad clusters in file 19187 of name \SYSTEM~1\_RESTO~1\RP566\A0169122.rbf. Windows replaced bad clusters in file 19206 of name \SYSTEM~1\_RESTO~1\RP566\A0169125.rbf. Windows replaced bad clusters in file 19253 of name \SYSTEM~1\_RESTO~1\RP566\A0169145.dll. Windows replaced bad clusters in file 19265 of name \SYSTEM~1\_RESTO~1\RP566\A0169127.MST. Windows replaced bad clusters in file 19300 of name \SYSTEM~1\_RESTO~1\RP566\A0169054.rbf. Windows replaced bad clusters in file 19324 of name \SYSTEM~1\_RESTO~1\RP566\A0169062.rbf. Windows replaced bad clusters in file 19343 of name \SYSTEM~1\_RESTO~1\RP566\A0169069.rbf. Windows replaced bad clusters in file 19349 of name \SYSTEM~1\_RESTO~1\RP566\A0169073.rbf. Windows replaced bad clusters in file 19357 of name \SYSTEM~1\_RESTO~1\RP566\A0169074.rbf. Windows replaced bad clusters in file 19367 of name \SYSTEM~1\_RESTO~1\RP566\A0169080.rbf. Windows replaced bad clusters in file 19374 of name \SYSTEM~1\_RESTO~1\RP566\A0169081.rbf. Windows replaced bad clusters in file 19448 of name \SYSTEM~1\_RESTO~1\RP566\A0169029.rbf. Windows replaced bad clusters in file 19452 of name \SYSTEM~1\_RESTO~1\RP566\A0169092.rbf. Windows replaced bad clusters in file 19465 of name \SYSTEM~1\_RESTO~1\RP566\A0169093.rbf. Windows replaced bad clusters in file 19467 of name \SYSTEM~1\_RESTO~1\RP566\A0169094.rbf. Windows replaced bad clusters in file 19990 of name \SYSTEM~1\_RESTO~1\RP566\A0169044.rbf. Windows replaced bad clusters in file 20017 of name \SYSTEM~1\_RESTO~1\RP566\A0169116.rbf. Windows replaced bad clusters in file 20211 of name \SYSTEM~1\_RESTO~1\RP566\A0169115.rbf. 
Windows replaced bad clusters in file 20427 of name \SYSTEM~1\_RESTO~1\RP566\A0169030.rbf. Windows replaced bad clusters in file 20464 of name \SYSTEM~1\_RESTO~1\RP566\A0169031.rbf. Windows replaced bad clusters in file 20465 of name \SYSTEM~1\_RESTO~1\RP566\A0169032.rbf. Windows replaced bad clusters in file 20467 of name \SYSTEM~1\_RESTO~1\RP566\A0169033.rbf. Windows replaced bad clusters in file 20470 of name \SYSTEM~1\_RESTO~1\RP566\A0169034.rbf. Windows replaced bad clusters in file 20570 of name \SYSTEM~1\_RESTO~1\RP566\A0169039.rbf. Windows replaced bad clusters in file 20828 of name \SYSTEM~1\_RESTO~1\RP566\A0169045.rbf. Read failure with status 0xc000009c at offset 0x9e2fce000 for 0x10000 bytes. Read failure with status 0xc000009c at offset 0x9e2fcf000 for 0x1000 bytes. Windows replaced bad clusters in file 27326 of name \Users\M\Pictures\2008\PAUL'S~1\DSC04362.JPG. Read failure with status 0xc000009c at offset 0xa254a4000 for 0x10000 bytes. Read failure with status 0xc000009c at offset 0xa254a4000 for 0x1000 bytes. Windows replaced bad clusters in file 47292 of name \Users\M\Pictures\2010\Filmiki\MOV07546.MPG. Windows replaced bad clusters in file 47384 of name \SYSTEM~1\_RESTO~1\RP566\A0169050.rbf. Windows replaced bad clusters in file 78700 of name \SYSTEM~1\_RESTO~1\RP566\A0169137.dll. Windows replaced bad clusters in file 78705 of name \SYSTEM~1\_RESTO~1\RP566\A0169139.exe. Windows replaced bad clusters in file 78706 of name \SYSTEM~1\_RESTO~1\RP566\A0169138.dll. 174320 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 3396409 free clusters processed. Free space verification is complete. Adding 2 bad clusters to the Bad Clusters File. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. 78140128 KB total disk space. 64125628 KB in 127685 files. 74852 KB in 25593 indexes. 8 KB in bad sectors. 354000 KB in use by the system. 
65536 KB occupied by the log file. 13585640 KB available on disk. 4096 bytes in each allocation unit. 19535032 total allocation units on disk. 3396410 allocation units available on disk. Internal Info: 00 a9 02 00 c9 56 02 00 e3 fb 03 00 00 00 00 00 .....V.......... 2e 12 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 ....<........... 41 00 00 00 a2 73 e7 76 30 e4 2f 00 38 dc 2f 00 A....s.v0./.8./. Windows has finished checking your disk. Please wait while your computer restarts.
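
One way to triage a chkdsk result like the one in the post above, as an added example that is not part of the original thread: it parses the flattened text, groups the repaired files by top-level directory, and cross-checks the read failures against the bad-cluster totals. The function name, the returned keys and the abridged `SAMPLE` (a few messages taken from the post) are choices made for this example; it assumes file names without spaces, as in the 8.3 names the log prints.

```python
import re
from collections import Counter

# Sample input: a few messages abridged from the chkdsk text posted above,
# joined on one line the way the Event Viewer detail view shows them.
SAMPLE = " ".join([
    r"Checking file system on C: The type of the file system is NTFS.",
    r"CHKDSK is verifying file data (stage 4 of 5)...",
    r"Windows replaced bad clusters in file 10929 of name \SYSTEM~1\_RESTO~1\RP566\A0169128.mst.",
    r"Windows replaced bad clusters in file 13272 of name \SYSTEM~1\_RESTO~1\RP566\A0169177.old.",
    r"Read failure with status 0xc000009c at offset 0x9e2fce000 for 0x10000 bytes.",
    r"Read failure with status 0xc000009c at offset 0x9e2fcf000 for 0x1000 bytes.",
    r"Windows replaced bad clusters in file 27326 of name \Users\M\Pictures\2008\PAUL'S~1\DSC04362.JPG.",
    r"Read failure with status 0xc000009c at offset 0xa254a4000 for 0x10000 bytes.",
    r"Read failure with status 0xc000009c at offset 0xa254a4000 for 0x1000 bytes.",
    r"Windows replaced bad clusters in file 47292 of name \Users\M\Pictures\2010\Filmiki\MOV07546.MPG.",
    r"Adding 2 bad clusters to the Bad Clusters File.",
    r"78140128 KB total disk space.",
    r"8 KB in bad sectors.",
    r"4096 bytes in each allocation unit.",
])

# The name ends at the first dot that is followed by whitespace or end of text,
# so the dot before the extension is kept and the sentence-ending dot is not.
REPLACED = re.compile(
    r"Windows replaced bad clusters in file (\d+) of name (\S+?)\.(?=\s|$)")
READ_FAIL = re.compile(
    r"Read failure with status (0x[0-9a-fA-F]+) at offset (0x[0-9a-fA-F]+)"
    r" for (0x[0-9a-fA-F]+) bytes")
ADDED = re.compile(r"Adding (\d+) bad clusters to the Bad Clusters File")
BAD_KB = re.compile(r"(\d+) KB in bad sectors")
UNIT = re.compile(r"(\d+) bytes in each allocation unit")

# NTSTATUS value seen in the posted log.
STATUS_NAMES = {0xC000009C: "STATUS_DEVICE_DATA_ERROR"}


def _first_int(pattern, text):
    """Return the first captured number for pattern, or None if absent."""
    match = pattern.search(text)
    return int(match.group(1)) if match else None


def summarize_chkdsk(text):
    """Summarize repaired files, read failures and bad-sector totals."""
    replaced = [(int(num), path) for num, path in REPLACED.findall(text)]
    by_top_dir = Counter(
        path.lstrip("\\").split("\\", 1)[0] for _, path in replaced)

    failures = [(int(status, 16), int(offset, 16), int(length, 16))
                for status, offset, length in READ_FAIL.findall(text)]
    unit = _first_int(UNIT, text)
    added = _first_int(ADDED, text)
    bad_kb = _first_int(BAD_KB, text)

    # chkdsk retries a failed large read at cluster size; the cluster-sized
    # failures are the ones that pin down an unreadable cluster.
    failed_clusters = sorted(
        {offset for _, offset, length in failures if unit and length == unit})

    # If (clusters added this run) x (cluster size) equals the bad-sector
    # total, every bad sector on the volume was found by this run.
    all_new = (None not in (unit, added, bad_kb)
               and added * unit == bad_kb * 1024)

    return {
        "replaced_total": len(replaced),
        "by_top_dir": dict(by_top_dir),
        # Assumption: user data lives under \Users, as on the posted system.
        "user_files": [p for _, p in replaced if p.startswith("\\Users\\")],
        "statuses": sorted({STATUS_NAMES.get(s, hex(s)) for s, _, _ in failures}),
        "failed_clusters": failed_clusters,
        "bad_clusters_added": added,
        "all_bad_sectors_new": all_new,
    }


if __name__ == "__main__":
    for key, value in summarize_chkdsk(SAMPLE).items():
        print(f"{key}: {value}")
```

The `user_files` list is the part to compare against the backup, since those are the files whose contents sat on clusters that could not be read cleanly.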


#8 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 15,864 posts

Posted 14 January 2012 - 03:58 PM

Thanks. I see there were several errors that were corrected. They may have been part of the problem you were experiencing, but I want to check further.

First:
Run OTL again, and post the new log in this thread. Note that there will not be an Extras log this time.

Second:
Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You will find link(s) and instructions here:
http://www.dslreports.com/faq/16564

#9 airamx

airamx

    Active Member

  • Active Members
  • 19 posts

Posted 15 January 2012 - 04:34 AM

A quick question just to make sure, should I post the Sophos log from after reboot and before the second scan or one from after the second scan that launches after reboot?

#10 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • General Admin
  • 15,864 posts

Posted 15 January 2012 - 04:11 PM

Post log after reboot please.

