HELP ! CPU Usage 100%...

[LONDONJON]

Hi All,

 

New to this and desperately hoping someone can help me. I have no idea why but for some time now my PC (HP, running XP) has been running at 100% CPU which is making it almost a waste of time using it...I have googled loads of things and it either seems too technical or just designed to get you to buy something that may or may not woirk and may or may not be legit.

 

I'd be grateful if anyone could explain in plain English what is potentially the issue and if there is a free/reasonably priced, and RELIABLE, GENUINE, product that I could get that would sort this without me having to get into anything technical myself ?

 

Many Thanks in advance

 

Jon

[Plastic Nev]

Hi Jon and welcome to Extreme Tech Support - Free PC Help.

 

As it says Free in our title we do try to steer by that and only recommend buying something when it is the last resort, you would be surprised at just how much is available for free and with no strings attached.

 

Having said that we could perhaps do with a bit more information first. What is showing you this 100%, are you using task manager or some other means?

Have you looked in task manager at all and can that help to identify what may be making the CPU work at full?

To get to task manager quickly, click "Start", then "Run" and copy and paste=

 

taskmgr

 

into the "Open" then click OK.

 

Can you please tell us the exact model of your HP machine, also is it laptop or desktop?

 

Next possible consideration may be malware, what security do you have installed in the way of anti-virus or anti-spayware?

If you don't already have Malwarebytes Antimalware installed, click here=

 

http://www.malwarebytes.org/

 

Once the Malwarebytes page opens, click on the Products tab at the top and select "Malwarebytes Anti-Malware Free.

 

You may be redirected to another site for the actual download, that is normal.

 

Once downloaded and installed, if it doesn't open, open it and first find updates and update it to the current version.

 

Then run a quick scan, you can if you wish run a full scan but that will take more time, a quick scan should show up anything for us to see.

When it finishes the scan it opens a notepad log, please copy and paste it into your next reply.

 

Nev.

[LONDONJON]

Hi Nev,

 

Thanks for such a prompt reply !

 

I had looked in task manager and on the processes tab under CPU I can't see anything that looks outlandishly big, in fact most of it is zero, there are just a few things showing '2' or '3', it's on the performance tab that I get the CPU Usage 100% in green.

 

I will download the free laware software you recommend and follow your steps and post back the info, thanks again for your help

 

Jon

[Plastic Nev]

Hi again, Carry on with the Malwarebytes first of course.

 

Then, what shows as running in the Applications tab? anything odd there at all?

 

Can you post a screen shot of all the Processes and also the CPU graph by any chance?

[Plastic Nev]

Just to add, I am off for tonight and won't be back till around the same time tomorrow. One of our other members may be able to carry on for you in the morning.

 

Nev.

[LONDONJON]

Thanks Nev...malwarebytes is running in the background, in the meantime these are the screenshots you mention ;

[ATTACH=CONFIG]734.vB5-legacyid=1512[/ATTACH][ATTACH=CONFIG]735.vB5-legacyid=1513[/ATTACH][ATTACH=CONFIG]736.vB5-legacyid=1514[/ATTACH]

[LONDONJON]

Thanks Nev...I am going away tomorrow for a few days so will check back Monday next week to see if anyone has been able to help, in the meantime thanks a lot for your help and interest.

[Starbuck]

Hi Jon,

 

Having a quick look at those screenshots.......

Uninstall Uniblue Registry Booster.

It's not needed and may cause more problems than it cures.

You won't find a member of staff here that would recommend the use of registry boosters.

But please post the MBAM scan report as asked for by Plastic Nev .... it's always best to be safe.

[LONDONJON]

Hi Nev...

 

so I ran malwarebytes and the results are shown below, it said there was a trojan, did I want to remove, did so, have restarted PC but still got 100% CPU...I will post the contents of the log in a separate post...

 

[ATTACH=CONFIG]737.vB5-legacyid=1515[/ATTACH]

[LONDONJON]

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

 

 

Database version: v2012.05.09.06

 

 

Windows Vista x86 NTFS

Internet Explorer 8.0.6001.18904

Jon :: JON-PC [administrator]

 

 

Protection: Enabled

 

 

09/05/2012 22:18:34

mbam-log-2012-05-09 (22-18-34).txt

 

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196736

Time elapsed: 36 minute(s), 17 second(s)

 

 

Memory Processes Detected: 0

(No malicious items detected)

 

 

Memory Modules Detected: 0

(No malicious items detected)

 

 

Registry Keys Detected: 0

(No malicious items detected)

 

 

Registry Values Detected: 0

(No malicious items detected)

 

 

Registry Data Items Detected: 0

(No malicious items detected)

 

 

Folders Detected: 0

(No malicious items detected)

 

 

Files Detected: 1

C:\Users\Jon\AppData\Local\Temp\BITB691.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

(end)

[Starbuck]

Hi Jon,

 

You posted in the Win XP forum and you have your operating system as Win XP home.

But that report is from a Win Vista m/c ??

[LONDONJON]

Hi Starbuck,

 

Damn...schoolboy error, although at least it gives you an idea of my level of PC knowhow (or lack thereof) :o

 

should I report this to the correct forum or does the issue itself lend itself equally to XP/Vista ?

 

Thanks

Jon

[Starbuck]

Hi Jon,

 

should I report this to the correct forum

No, it's ok i'll move the thread for you.

 

does the issue itself lend itself equally to XP/Vista ?

Basically the only difference is with how some programs are run..... but no big problem.

Did you remove the Registry Booster?

Has it made any difference?

[LONDONJON]

Hi Starbuck,

 

I will have a go this evening and post back where I get to - thanks for your help and for moving this thread to the correct forum.

 

Cheers, Jon

[LONDONJON]

Hi All,

 

Uniblue has been removed but to no avail, still running at 100%, this is after running malaware and removing a trojan it found...any more ideas gratefull received ?

 

Thanks

Jon

[Starbuck]

Hi Jon,

 

Guess what?

I'm going to move your thread again. :)

I'll move it to the malware removal forum were we can run some other scans and try and find out what's causing this.

As it's already been confirmed that you had a trojan on your system.... we need to find out a bit more.

 

Step 1

Download aswMBR and save it to your desktop.

• Double click the aswMBR.exe to run it.
  
• The latest version gives you the option of adding the latest Avast definitions:
   
  http://img.photobucket.com/albums/v708/starbuck50/new/03-07-201116-24-19.png
   
  
• It is recommended at this time to click NO. ( as there is a possibility of crashing the system)
  
• Click the Scan button to start scan.
  

http://img.photobucket.com/albums/v708/starbuck50/new/asw1.gif

 

On completion of the scan click Save log and save it to your desktop.

 

http://img.photobucket.com/albums/v708/starbuck50/new/asw2.gif

 

Please post this in your reply.

 

NOTE:

aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

Step 2

• Download OTL to your desktop.
  right click on the link and select 'Save Link/Target As'.
   
  if you have problems, try this download link:
  OTL
  
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Check the boxes beside LOP Check and Purity Check

.

 

.

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

 

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

• right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
   
  http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  .
  
• Click the Run Scan button.
   
  http://img.photobucket.com/albums/v708/starbuck50/runscan.png
   
  
• Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

 

In your next reply, please submit:

aswMBR report

Both reports from OTL

 

 

Thanks.

[LONDONJON]

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-15 20:05:05

-----------------------------

20:05:05.990 OS Version: Windows 6.0.6000

20:05:05.991 Number of processors: 1 586 0x6B02

20:05:06.092 ComputerName: JON-PC UserName: Jon

20:05:54.724 Initialize success

20:10:31.054 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060

20:10:31.084 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 6

20:10:31.095 Disk 0 MBR read successfully

20:10:31.130 Disk 0 MBR scan

20:10:31.133 Disk 0 unknown MBR code

20:10:31.137 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 466285 MB offset 63

20:10:31.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10652 MB offset 954951795

20:10:31.301 Disk 0 scanning sectors +976768065

20:10:31.474 Disk 0 scanning C:\Windows\system32\drivers

20:11:12.411 Service scanning

20:11:23.811 Modules scanning

20:12:33.026 Disk 0 trace - called modules:

20:12:33.042 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys

20:12:33.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c5fad8]

20:12:33.051 3 ntkrnlpa.exe[820b0d35] -> nt!IofCallDriver -> [0x83e69e10]

20:12:33.059 5 acpi.sys[8023232a] -> nt!IofCallDriver -> \Device\00000060[0x84811ca0]

20:12:33.065 Scan finished successfully

20:18:15.626 Disk 0 MBR has been saved successfully to "C:\Users\Jon\Documents\MBR.dat"

20:18:15.637 The log file has been saved successfully to "C:\Users\Jon\Documents\aswMBR.txt"

20:35:16.288 Disk 0 MBR has been saved successfully to "C:\Users\Jon\Desktop\MBR.dat"

20:35:16.698 The log file has been saved successfully to "C:\Users\Jon\Desktop\aswMBR.txt"

[LONDONJON]

OTL Extras logfile created on: 15/05/2012 20:45:18 - Run 1

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jon\Downloads

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 29.01% Memory free

4.22 Gb Paging File | 2.76 Gb Available in Paging File | 65.23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.36 Gb Total Space | 71.89 Gb Free Space | 15.79% Space Free | Partition Type: NTFS

Drive D: | 10.40 Gb Total Space | 1.41 Gb Free Space | 13.59% Space Free | Partition Type: NTFS

 

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2284CE7D-7D8C-4A0B-9449-0D6932009733}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |

"{2DFD4752-666D-45A9-A422-C5850F258092}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

"{33CD07B3-0AE3-4D5B-B525-6BB6C4CF30CC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{3C3F0142-6B1B-42F6-A99E-78C91A55B461}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |

"{45DEFAC4-4C63-4E56-8548-BBE2FD40F868}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |

"{569BEE8A-8CD3-4E38-829A-5DC7CDEBEC16}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |

"{6259BD51-FC14-4513-938C-04B12F2A784E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{650C3AD4-0186-46EC-B3AF-24DF6EC60E37}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{67494F94-5A5B-4CA1-B75B-7FE331A2B340}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |

"{70B5FAD9-7817-4208-A95D-39904DBF88CB}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |

"{73928C97-E0E6-4655-92CD-17AF108EC6FE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{8F5733B9-03F2-444E-8756-6C79ACD284C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9F06FFCB-34C7-4E74-81FF-150DEDAEC24F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{BA1991E9-4922-4070-AEE2-1D20777E0889}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{CACDB922-0977-4CC9-B7C6-2BC894F3E158}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D95BD0C1-2716-427C-BC88-5F9700AE604F}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{E6483A37-CD7C-4C1D-9719-088828893FE5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

"{EFF79DE1-8183-4B47-8A23-180D8058C225}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{F8F0CD10-292A-4C8E-B46A-1D447C57D4AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{FBEACA1A-9F82-4835-B466-40DE33060E0B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"TCP Query User{BEA91881-6298-4D3F-9600-C03F60710C5A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{F25E3AAD-DC3B-459A-8CCE-55F3565F3938}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{054EC923-4B05-D008-CBEC-7403ED383923}" = CCC Help Danish

"{09AF88A0-1895-E3CE-506A-FBA159EABC90}" = Catalyst Control Center Localization Greek

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0A3A7A33-B6F5-6643-E98D-0AC5DD6493EE}" = CCC Help Thai

"{0D9ABD1F-786F-0D46-C2B4-9766CC22DFB0}" = Catalyst Control Center Graphics Previews Common

"{0FD46238-4C18-5173-D133-B07D93599AC7}" = CCC Help Japanese

"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15286CC2-DA82-B166-0D49-3AE8EE35ACD3}" = CCC Help Czech

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1CD383EF-2B28-8384-1F08-437965EEE2AC}" = CCC Help Finnish

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{21B9B213-DE8D-10A6-CC00-7053F449DD9B}" = CCC Help Dutch

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding

"{2ED1D587-9CF4-0216-E314-A7F2D245A051}" = Catalyst Control Center Localization Thai

"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework

"{31787FDD-D9FB-C812-4A61-93A1C6B61568}" = ATI Catalyst Install Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{3530A86D-0151-BADE-7D8B-2BE5E573B7FE}" = Catalyst Control Center Graphics Full New

"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security

"{37F8AD37-33BD-A92F-1C61-F1E3BC257A52}" = CCC Help Korean

"{3CB4DE6B-0063-F6CF-4D5E-C5AC574727DB}" = Catalyst Control Center Localization Czech

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite

"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager

"{4880CDEC-46B5-ECCB-0629-DCC5B59378BD}" = Catalyst Control Center Localization Chinese Traditional

"{4A15E552-7701-9671-4A5F-D2AD5D90BD1F}" = Catalyst Control Center Localization Polish

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4F027497-15AE-4DE5-B3BC-8E721C6127DE}" = ccc-Branding

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011

"{50FF0E66-C30A-66C2-5557-7A7DE87A2A57}" = CCC Help Turkish

"{533A46E3-A450-CD86-E4C2-61CC832149F9}" = Catalyst Control Center Localization Russian

"{537C444C-9FD0-07F4-80BE-292B712FA23E}" = CCC Help Russian

"{54334E35-0C4E-7DDF-C137-7B3009142372}" = Catalyst Control Center Graphics Light

"{5442A47B-0CF1-9928-6B96-98ECED7EC302}" = Skins

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core

"{5840C930-8D3F-797A-42B9-4C3CC4D033FC}" = Catalyst Control Center Localization Korean

"{5C638666-B80C-4CD3-AA56-403EF0BC7A6E}" = HP Photosmart A630 Series

"{5DDBEECE-4762-4C2B-9D0A-1A43B6F08166}" = SymNet

"{5E32EB1B-4E61-0A50-BEBC-35C856692F26}" = CCC Help Norwegian

"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari

"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center

"{640A46BE-9E3F-F4CC-29E1-BFC86CCFF16B}" = Catalyst Control Center Localization Chinese Standard

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{6CA7D5C7-42EE-4FEF-66E2-403A151CDA83}" = CCC Help Polish

"{71A6311C-8903-7B1D-3D1A-0ACF1065BBAE}" = CCC Help German

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7DD1D7EB-4F6B-411F-43A9-BD6BA5FA44D6}" = Catalyst Control Center Localization Finnish

"{7EE104D6-75B0-9AD7-C6EF-16793F6AF206}" = CCC Help Greek

"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware

"{948001BB-99F4-BA2C-9B92-044F16DAA35E}" = CCC Help Hungarian

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{997740A3-61FF-4627-A4E0-80AE0756695F}" = Symantec Real Time Storage Protection Component

"{9CD9BB77-92F7-674F-E2D3-CF6D14C672EF}" = Catalyst Control Center Localization Turkish

"{9D9AE4AE-450D-909B-64F1-6F137CB4CDCC}" = CCC Help Chinese Traditional

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{9DC47B66-E422-EDBF-341C-B544BC3F0D65}" = Catalyst Control Center Graphics Previews Vista

"{9F6C988E-9B1C-5038-A4E1-F8817509DAE8}" = Catalyst Control Center Localization Italian

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A55F99F2-D43E-8731-F7F9-3B3AB133A893}" = ccc-utility

"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements

"{B02BBF6C-FB6E-4BA4-7977-3D03D913BD9E}" = CCC Help Spanish

"{B0DE8404-2287-D17A-D483-608CC5D7427F}" = CCC Help Swedish

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon

"{B37B43B2-05A2-C0E6-C74B-23184780BD4B}" = CCC Help Chinese Standard

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security

"{C4DA680A-657A-E15B-51EE-E71CF527CD80}" = Catalyst Control Center Localization Japanese

"{C4F0D5BE-0A7F-017E-66FC-DE96B6AF8F6F}" = CCC Help Italian

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C926ACAF-84DF-BDFD-6825-BC5669940AD0}" = Catalyst Control Center Localization Dutch

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CC3CFFD1-0EEF-C9DD-5731-089CAA05EB30}" = CCC Help Portuguese

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D73EA784-FC47-E0AA-46CD-12486F41C252}" = Catalyst Control Center Localization Spanish

"{D9A5FF9F-7CEA-4075-8F17-1077026CD98B}" = CCC Help French

"{D9ABB34A-C07A-DCE7-21D3-3BB3E343457B}" = ccc-core-static

"{DB6CFD79-2AC7-A10E-CE84-13AAA52AE9C2}" = Catalyst Control Center Localization Norwegian

"{E053E456-5B00-9D0E-9FC8-7FC23326D487}" = Catalyst Control Center Localization French

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E15C3B8B-E6AE-E417-4D8D-0E53424DFFBB}" = Catalyst Control Center Localization Portuguese

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help

"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1

"{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1

"{EC3A1D84-E178-56CB-C615-3E2720DD3959}" = Catalyst Control Center Localization Swedish

"{EF9B6310-F152-23FD-5ECE-1EA8EDC3BAF6}" = Catalyst Control Center Localization Danish

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F67530B4-606E-4FEF-1555-CB8A5A539C84}" = Catalyst Control Center Graphics Full Existing

"{F84DFE70-2803-7068-EFD5-8F91A648DE87}" = Catalyst Control Center Core Implementation

"{F8CBC264-23A4-E63B-D112-67BFF6A8AED7}" = Catalyst Control Center Localization Hungarian

"{FE46F4D4-CC88-B686-FE10-B2C845FD3BC3}" = CCC Help English

"{FEC2EC4D-D096-F5CA-CE9B-D525AB4573F6}" = Catalyst Control Center Localization German

"adawaretb" = Ad-Aware Security Toolbar

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AOL Toolbar" = AOL Toolbar 5.0

"AVG" = AVG 2012

"AVG Secure Search" = AVG Security Toolbar

"Driving Test Success - Hazard Perception_is1" = Hazard Perception 2007/8

"EPSON Scanner" = EPSON Scan

"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual

"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3

"NVIDIA Drivers" = NVIDIA Drivers

"OfficeTrial" = Microsoft Office Home and Student 60 day trial

"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"RealPlayer 6.0" = RealPlayer

"Spotify" = Spotify

"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)

"WildTangent hp Master Uninstall" = HP Games

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 09/08/2010 01:17:06 | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 09/08/2010 01:22:55 | Computer Name = Jon-PC | Source = WerSvc | ID = 5007

Description =

 

Error - 09/08/2010 01:25:46 | Computer Name = Jon-PC | Source = EventSystem | ID = 4621

Description =

 

Error - 12/08/2010 15:28:51 | Computer Name = Jon-PC | Source = WerSvc | ID = 5007

Description =

 

Error - 12/08/2010 15:28:55 | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 13/08/2010 08:32:18 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00180f89, process id 0x15bc, application

start time 0x01cb3abd624d1fbb.

 

Error - 13/08/2010 12:39:56 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00231eaa, process id 0x1858, application

start time 0x01cb3ae3986fcefb.

 

Error - 15/08/2010 14:08:01 | Computer Name = Jon-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 8.0.6001.18904 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 4fc Start Time: 01cb3abd61d04e9b Termination Time: 2683

 

Error - 20/08/2010 07:23:36 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00231eaa, process id 0x370, application

start time 0x01cb4047e26b970b.

 

Error - 20/08/2010 10:23:05 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00231eaa, process id 0x1b94, application

start time 0x01cb405a2511f29b.

 

[ System Events ]

Error - 09/05/2012 18:01:17 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7011

Description =

 

Error - 09/05/2012 18:02:16 | Computer Name = Jon-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

9, function 0. Please contact your system vendor for technical assistance.

 

Error - 09/05/2012 18:04:12 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 09/05/2012 18:04:21 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 09/05/2012 18:22:01 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7011

Description =

 

Error - 14/05/2012 16:28:21 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 14/05/2012 16:28:26 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 15/05/2012 14:50:26 | Computer Name = Jon-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.0.7 for the Network Card with network

address 001644940345 has been denied by the DHCP server 192.168.0.1 (The DHCP Server

sent a DHCPNACK message).

 

Error - 15/05/2012 14:50:59 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 15/05/2012 14:51:00 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

 

< End of report >

[LONDONJON]

OTL Extras logfile created on: 15/05/2012 20:45:18 - Run 1

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jon\Downloads

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 29.01% Memory free

4.22 Gb Paging File | 2.76 Gb Available in Paging File | 65.23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.36 Gb Total Space | 71.89 Gb Free Space | 15.79% Space Free | Partition Type: NTFS

Drive D: | 10.40 Gb Total Space | 1.41 Gb Free Space | 13.59% Space Free | Partition Type: NTFS

 

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2284CE7D-7D8C-4A0B-9449-0D6932009733}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |

"{2DFD4752-666D-45A9-A422-C5850F258092}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

"{33CD07B3-0AE3-4D5B-B525-6BB6C4CF30CC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{3C3F0142-6B1B-42F6-A99E-78C91A55B461}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |

"{45DEFAC4-4C63-4E56-8548-BBE2FD40F868}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |

"{569BEE8A-8CD3-4E38-829A-5DC7CDEBEC16}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |

"{6259BD51-FC14-4513-938C-04B12F2A784E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{650C3AD4-0186-46EC-B3AF-24DF6EC60E37}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{67494F94-5A5B-4CA1-B75B-7FE331A2B340}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |

"{70B5FAD9-7817-4208-A95D-39904DBF88CB}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |

"{73928C97-E0E6-4655-92CD-17AF108EC6FE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{8F5733B9-03F2-444E-8756-6C79ACD284C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9F06FFCB-34C7-4E74-81FF-150DEDAEC24F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{BA1991E9-4922-4070-AEE2-1D20777E0889}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{CACDB922-0977-4CC9-B7C6-2BC894F3E158}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D95BD0C1-2716-427C-BC88-5F9700AE604F}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{E6483A37-CD7C-4C1D-9719-088828893FE5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

"{EFF79DE1-8183-4B47-8A23-180D8058C225}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{F8F0CD10-292A-4C8E-B46A-1D447C57D4AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{FBEACA1A-9F82-4835-B466-40DE33060E0B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"TCP Query User{BEA91881-6298-4D3F-9600-C03F60710C5A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{F25E3AAD-DC3B-459A-8CCE-55F3565F3938}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{054EC923-4B05-D008-CBEC-7403ED383923}" = CCC Help Danish

"{09AF88A0-1895-E3CE-506A-FBA159EABC90}" = Catalyst Control Center Localization Greek

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0A3A7A33-B6F5-6643-E98D-0AC5DD6493EE}" = CCC Help Thai

"{0D9ABD1F-786F-0D46-C2B4-9766CC22DFB0}" = Catalyst Control Center Graphics Previews Common

"{0FD46238-4C18-5173-D133-B07D93599AC7}" = CCC Help Japanese

"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15286CC2-DA82-B166-0D49-3AE8EE35ACD3}" = CCC Help Czech

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1CD383EF-2B28-8384-1F08-437965EEE2AC}" = CCC Help Finnish

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{21B9B213-DE8D-10A6-CC00-7053F449DD9B}" = CCC Help Dutch

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding

"{2ED1D587-9CF4-0216-E314-A7F2D245A051}" = Catalyst Control Center Localization Thai

"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework

"{31787FDD-D9FB-C812-4A61-93A1C6B61568}" = ATI Catalyst Install Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{3530A86D-0151-BADE-7D8B-2BE5E573B7FE}" = Catalyst Control Center Graphics Full New

"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security

"{37F8AD37-33BD-A92F-1C61-F1E3BC257A52}" = CCC Help Korean

"{3CB4DE6B-0063-F6CF-4D5E-C5AC574727DB}" = Catalyst Control Center Localization Czech

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite

"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager

"{4880CDEC-46B5-ECCB-0629-DCC5B59378BD}" = Catalyst Control Center Localization Chinese Traditional

"{4A15E552-7701-9671-4A5F-D2AD5D90BD1F}" = Catalyst Control Center Localization Polish

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4F027497-15AE-4DE5-B3BC-8E721C6127DE}" = ccc-Branding

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011

"{50FF0E66-C30A-66C2-5557-7A7DE87A2A57}" = CCC Help Turkish

"{533A46E3-A450-CD86-E4C2-61CC832149F9}" = Catalyst Control Center Localization Russian

"{537C444C-9FD0-07F4-80BE-292B712FA23E}" = CCC Help Russian

"{54334E35-0C4E-7DDF-C137-7B3009142372}" = Catalyst Control Center Graphics Light

"{5442A47B-0CF1-9928-6B96-98ECED7EC302}" = Skins

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core

"{5840C930-8D3F-797A-42B9-4C3CC4D033FC}" = Catalyst Control Center Localization Korean

"{5C638666-B80C-4CD3-AA56-403EF0BC7A6E}" = HP Photosmart A630 Series

"{5DDBEECE-4762-4C2B-9D0A-1A43B6F08166}" = SymNet

"{5E32EB1B-4E61-0A50-BEBC-35C856692F26}" = CCC Help Norwegian

"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari

"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center

"{640A46BE-9E3F-F4CC-29E1-BFC86CCFF16B}" = Catalyst Control Center Localization Chinese Standard

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{6CA7D5C7-42EE-4FEF-66E2-403A151CDA83}" = CCC Help Polish

"{71A6311C-8903-7B1D-3D1A-0ACF1065BBAE}" = CCC Help German

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7DD1D7EB-4F6B-411F-43A9-BD6BA5FA44D6}" = Catalyst Control Center Localization Finnish

"{7EE104D6-75B0-9AD7-C6EF-16793F6AF206}" = CCC Help Greek

"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware

"{948001BB-99F4-BA2C-9B92-044F16DAA35E}" = CCC Help Hungarian

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{997740A3-61FF-4627-A4E0-80AE0756695F}" = Symantec Real Time Storage Protection Component

"{9CD9BB77-92F7-674F-E2D3-CF6D14C672EF}" = Catalyst Control Center Localization Turkish

"{9D9AE4AE-450D-909B-64F1-6F137CB4CDCC}" = CCC Help Chinese Traditional

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{9DC47B66-E422-EDBF-341C-B544BC3F0D65}" = Catalyst Control Center Graphics Previews Vista

"{9F6C988E-9B1C-5038-A4E1-F8817509DAE8}" = Catalyst Control Center Localization Italian

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A55F99F2-D43E-8731-F7F9-3B3AB133A893}" = ccc-utility

"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements

"{B02BBF6C-FB6E-4BA4-7977-3D03D913BD9E}" = CCC Help Spanish

"{B0DE8404-2287-D17A-D483-608CC5D7427F}" = CCC Help Swedish

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon

"{B37B43B2-05A2-C0E6-C74B-23184780BD4B}" = CCC Help Chinese Standard

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security

"{C4DA680A-657A-E15B-51EE-E71CF527CD80}" = Catalyst Control Center Localization Japanese

"{C4F0D5BE-0A7F-017E-66FC-DE96B6AF8F6F}" = CCC Help Italian

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C926ACAF-84DF-BDFD-6825-BC5669940AD0}" = Catalyst Control Center Localization Dutch

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CC3CFFD1-0EEF-C9DD-5731-089CAA05EB30}" = CCC Help Portuguese

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D73EA784-FC47-E0AA-46CD-12486F41C252}" = Catalyst Control Center Localization Spanish

"{D9A5FF9F-7CEA-4075-8F17-1077026CD98B}" = CCC Help French

"{D9ABB34A-C07A-DCE7-21D3-3BB3E343457B}" = ccc-core-static

"{DB6CFD79-2AC7-A10E-CE84-13AAA52AE9C2}" = Catalyst Control Center Localization Norwegian

"{E053E456-5B00-9D0E-9FC8-7FC23326D487}" = Catalyst Control Center Localization French

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E15C3B8B-E6AE-E417-4D8D-0E53424DFFBB}" = Catalyst Control Center Localization Portuguese

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help

"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1

"{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1

"{EC3A1D84-E178-56CB-C615-3E2720DD3959}" = Catalyst Control Center Localization Swedish

"{EF9B6310-F152-23FD-5ECE-1EA8EDC3BAF6}" = Catalyst Control Center Localization Danish

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F67530B4-606E-4FEF-1555-CB8A5A539C84}" = Catalyst Control Center Graphics Full Existing

"{F84DFE70-2803-7068-EFD5-8F91A648DE87}" = Catalyst Control Center Core Implementation

"{F8CBC264-23A4-E63B-D112-67BFF6A8AED7}" = Catalyst Control Center Localization Hungarian

"{FE46F4D4-CC88-B686-FE10-B2C845FD3BC3}" = CCC Help English

"{FEC2EC4D-D096-F5CA-CE9B-D525AB4573F6}" = Catalyst Control Center Localization German

"adawaretb" = Ad-Aware Security Toolbar

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AOL Toolbar" = AOL Toolbar 5.0

"AVG" = AVG 2012

"AVG Secure Search" = AVG Security Toolbar

"Driving Test Success - Hazard Perception_is1" = Hazard Perception 2007/8

"EPSON Scanner" = EPSON Scan

"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual

"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3

"NVIDIA Drivers" = NVIDIA Drivers

"OfficeTrial" = Microsoft Office Home and Student 60 day trial

"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"RealPlayer 6.0" = RealPlayer

"Spotify" = Spotify

"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)

"WildTangent hp Master Uninstall" = HP Games

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 09/08/2010 01:17:06 | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 09/08/2010 01:22:55 | Computer Name = Jon-PC | Source = WerSvc | ID = 5007

Description =

 

Error - 09/08/2010 01:25:46 | Computer Name = Jon-PC | Source = EventSystem | ID = 4621

Description =

 

Error - 12/08/2010 15:28:51 | Computer Name = Jon-PC | Source = WerSvc | ID = 5007

Description =

 

Error - 12/08/2010 15:28:55 | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 13/08/2010 08:32:18 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00180f89, process id 0x15bc, application

start time 0x01cb3abd624d1fbb.

 

Error - 13/08/2010 12:39:56 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00231eaa, process id 0x1858, application

start time 0x01cb3ae3986fcefb.

 

Error - 15/08/2010 14:08:01 | Computer Name = Jon-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 8.0.6001.18904 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 4fc Start Time: 01cb3abd61d04e9b Termination Time: 2683

 

Error - 20/08/2010 07:23:36 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00231eaa, process id 0x370, application

start time 0x01cb4047e26b970b.

 

Error - 20/08/2010 10:23:05 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00231eaa, process id 0x1b94, application

start time 0x01cb405a2511f29b.

 

[ System Events ]

Error - 09/05/2012 18:01:17 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7011

Description =

 

Error - 09/05/2012 18:02:16 | Computer Name = Jon-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

9, function 0. Please contact your system vendor for technical assistance.

 

Error - 09/05/2012 18:04:12 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 09/05/2012 18:04:21 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 09/05/2012 18:22:01 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7011

Description =

 

Error - 14/05/2012 16:28:21 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 14/05/2012 16:28:26 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 15/05/2012 14:50:26 | Computer Name = Jon-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.0.7 for the Network Card with network

address 001644940345 has been denied by the DHCP server 192.168.0.1 (The DHCP Server

sent a DHCPNACK message).

 

Error - 15/05/2012 14:50:59 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 15/05/2012 14:51:00 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

 

< End of report >

[LONDONJON]

Forgot to add - in the midst of all that copying and pasting - thanks a lot for all your help Starbuck, it's much appreciated.

[Starbuck]

Hi Jon,

 

Sorry but you inadvertently posted the Extras.txt twice and forgot the Main.txt

A copy should be found here:

C:\Users\Jon\Downloads

 

Thanks

[LONDONJON]

Hi Starbuck,

 

I have looked there but can't see it - not sure which piece of info I'm missing, could you take a snip of your initial email and highlight the relevant part and I'll do it straight away.

 

Thanks

[Starbuck]

Hi Jon,

 

Let's run a fresh set of reports, the main.txt should open after it's completed.

 

Double click on OTL to run it.

• Under Extra Registry section, select Use SafeList.
  

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

• right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
   
  http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  .
  
• Click the Run Scan button.
   
  http://img.photobucket.com/albums/v708/starbuck50/runscan.png
   
  
• Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

 

In your next reply, please submit:

Both reports from OTL

 

 

Thanks.

[LONDONJON]

Hi Starbuck,

 

Thanks - I have re-run OTL and once done I get 2 outputs...'OTL.txt' and 'Extras.txt', I will paste them both now -

[LONDONJON]

OTL logfile created on: 16/05/2012 20:46:49 - Run 2

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jon\Downloads

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.07% Memory free

4.22 Gb Paging File | 2.91 Gb Available in Paging File | 68.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.36 Gb Total Space | 70.72 Gb Free Space | 15.53% Space Free | Partition Type: NTFS

Drive D: | 10.40 Gb Total Space | 1.41 Gb Free Space | 13.59% Space Free | Partition Type: NTFS

 

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Jon\Downloads\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()

PRC - C:\Program Files\AVG Secure Search\vprot.exe ()

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

PRC - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (Lavasoft Limited )

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)

PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Windows\System32\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll ()

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Windows\System32\atitmmxx.dll ()

MOD - C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found

SRV - (vToolbarUpdater11.0.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()

SRV - (LiveUpdate Notice) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)

SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)

SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found

DRV - (NwlnkFwd) -- File not found

DRV - (NwlnkFlt) -- File not found

DRV - (IpInIp) -- File not found

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()

DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111115.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111115.002\NAVENG.SYS (Symantec Corporation)

DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20111103.001\IDSvix86.sys (Symantec Corporation)

DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)

DRV - (SYMNDISV) -- C:\Windows\System32\drivers\symndisv.sys (Symantec Corporation)

DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)

DRV - (SYMFW) -- C:\Windows\System32\drivers\symfw.sys (Symantec Corporation)

DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)

DRV - (SYMDNS) -- C:\Windows\System32\drivers\symdns.sys (Symantec Corporation)

DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)

DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)

DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (CO_Mon) -- C:\Windows\System32\drivers\CO_Mon.sys (Symantec Corporation)

DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (ASUSTeK Computer Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{3F94AE4E-9E97-419C-B726-4EE475AA6CD9}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb

IE - HKLM\..\SearchScopes\{43C37699-2F1A-417D-9D84-E65A5052E5D1}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{3F94AE4E-9E97-419C-B726-4EE475AA6CD9}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb

IE - HKCU\..\SearchScopes\{43C37699-2F1A-417D-9D84-E65A5052E5D1}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={DF0F2A03-F5F2-4608-AD68-D3E31804C5C1}&mid=f889035a0cd747d195d1d157ca6ea6ed-9b998b83125186689d46b606103258130b099b96&lang=en&ds=ts025&pr=sa&d=2012-04-24 20:19:06&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Musicnotes\npsibelius.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/29 22:18:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/24 20:19:43 | 000,000,000 | ---D | M]

 

 

========== Chrome ==========

 

CHR - default_search_provider: AVG Secure Search (Enabled)

CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={DF0F2A03-F5F2-4608-AD68-D3E31804C5C1}&mid=f889035a0cd747d195d1d157ca6ea6ed-9b998b83125186689d46b606103258130b099b96&lang=en&ds=ts025&pr=sa&d=2012-04-24 20:19:06&v=11.0.0.9&sap=dsp&q={searchTerms}

CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll

CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Jon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: AVG Safe Search = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

 

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-GB\local\search.html ()

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/C/A/7/CA7D2024-EA89-4F15-908C-DA65C1666614/msaud.CAB (Reg Error: Key error.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C682665-40C2-4127-9373-02E2D37B5246}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B3FDED-400C-475D-BEC1-335D36450AB2}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/07 22:30:17 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell - "" = AutoRun

O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{65eaf7a8-7f09-11de-ad64-001e8c8a4f1e}\Shell - "" = AutoRun

O33 - MountPoints2\{65eaf7a8-7f09-11de-ad64-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\StartClickFreeBackup.exe

O33 - MountPoints2\{a40e2fb7-d2aa-11dd-90f1-001e8c8a4f1e}\Shell\AutoRun\command - "" = K:\WDSetup.exe

O33 - MountPoints2\{e388ffcc-7a2a-11df-a004-001e8c8a4f1e}\Shell - "" = AutoRun

O33 - MountPoints2\{e388ffcc-7a2a-11df-a004-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\WDSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - State: "bootini" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/05/09 22:16:10 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Malwarebytes

[2012/05/09 22:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/09 22:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/09 22:15:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/05/09 22:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/04/24 20:19:43 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\AVG Secure Search

[2012/04/24 20:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search

[2012/04/24 20:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search

[2012/04/24 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search

[2012/04/24 20:13:00 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\FixCleaner

[2012/04/24 20:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner

[2012/04/24 20:12:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers

 

========== Files - Modified Within 30 Days ==========

 

[2012/05/16 21:00:43 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EFAAFC8B-95ED-48A4-B66D-7B949E1599CF}.job

[2012/05/16 21:00:23 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1764385604-756805106-2900195214-1000UA.job

[2012/05/16 21:00:17 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1764385604-756805106-2900195214-1000Core.job

[2012/05/16 20:29:52 | 098,325,467 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2012/05/16 20:12:44 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/16 20:12:44 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/16 19:20:40 | 000,622,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/05/16 19:20:40 | 000,108,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/05/16 19:12:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/15 23:00:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/05/15 20:43:11 | 000,001,089 | ---- | M] () -- C:\Users\Jon\Desktop\OTL - Shortcut.lnk

[2012/05/15 20:35:16 | 000,000,512 | ---- | M] () -- C:\Users\Jon\Desktop\MBR.dat

[2012/05/15 20:18:15 | 000,000,512 | ---- | M] () -- C:\Users\Jon\Documents\MBR.dat

[2012/05/14 21:28:45 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat

[2012/05/14 21:28:45 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat

[2012/05/09 22:15:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/02 17:33:42 | 000,016,632 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

[2012/04/16 22:45:09 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Jon.job

 

========== Files Created - No Company Name ==========

 

[2012/05/15 20:42:52 | 000,001,089 | ---- | C] () -- C:\Users\Jon\Desktop\OTL - Shortcut.lnk

[2012/05/15 20:35:16 | 000,000,512 | ---- | C] () -- C:\Users\Jon\Desktop\MBR.dat

[2012/05/15 20:18:15 | 000,000,512 | ---- | C] () -- C:\Users\Jon\Documents\MBR.dat

[2012/05/09 22:15:36 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/12/12 20:28:26 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat

[2011/12/12 20:28:26 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat

[2011/06/02 13:01:52 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2008/01/07 22:30:17 | 000,000,074 | ---- | M] () -- C:\autoexec.bat

[2006/11/02 10:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr

[2008/01/07 21:34:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2008/10/31 11:12:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/10/31 11:12:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2012/05/16 19:12:30 | 2459,893,760 | -HS- | M] () -- C:\pagefile.sys

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 

< %PROGRAMFILES%\* >

[2008/12/18 12:31:33 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/02/23 05:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/02/23 05:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/02/23 05:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/23 07:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/02/23 07:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/02/23 05:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/02/23 05:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/02/23 05:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/23 07:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/02/23 07:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4

 

 

< End of report >