Posted

Yesterday morning, when I switched on my computer it seemed to boot OK, everything appeared as normal, but just when I assumed there was no problem, the screen went dark and a while later I was on the screen which said that there had been an unexpected shutdown and offering me the choice of Safe Mode etc. Trying to boot normally produced the same result, but Safe mode with networking worked OK. I took the obvious (to me) step of doing a system restore from safe mode and everything then seemed to be OK. However, switching on this morning, I had the same result. I have repeated this several times. After the system restore, everything works OK so long as I don't switch the computer off, but if I do, I get the same error until I repeat the system restore.

 

Problems seemed to start when my Virginmedia Security gave an error message and control panel showed that I had no virus protection. I couldn't solve this problem, so I downloaded my old standby of AVG Free which I had used for years on my previous computer. System restore before I installed AVG appears to work, until I switch off .......... My Virginmedia Security still gives an error message on startup, but control panel now says it is working. I have tried to remove and reinstall it with control panel but I always get an error message using the remove program.

 

While my computer is working, I have tried various scans for malware, but nothing has been detected. I've also tried using CCleaner and even cleaned the registry, but always with the same result when I boot up after shutdown.

 

So long as I keep the computer on, everything seems fine and so at present that is what I am doing as I rely on it for my self-employed work. However, I would like to switch off at some time, so any advice on what else to try would be gratefully received.

 

Richard Wright


Posted

Hi Richard and welcome to ExTS. Firstly, we don't recommend using any registry cleaner as they can cause more damage than good. Secondly, having two antivirus programs is going to cause conflicts and cause problems. Since you've encountered problems using the standard Add/Remove Programs, may I recommend Revo Uninstaller: download this and use it in advanced mode to remove Virgin's security, then reboot and let us know what happens after.

 

hope this helps

 

Dave

Google is your friend

 

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

 

 

Posted

Unfortunately, this did not work. When I rebooted I got the Startup Repair screen instead, and in the end I had to go back to the same system restore point as before.

 

Incidentally, I do not actually have two antivirus programs running as the system restore is to the point before I installed AVG.

 

I would appreciate any other ideas, but as I have a lot of important work to do with the computer over the next few days, I'm going to leave it on so long as it is working and I'll only attempt repairs when I've finished this work so it might be a while before I'm able to reply. Meanwhile I'm making sure I have up to date backups just in case.

 

Richard Wright

Posted
Hi Richard, could you let us know what malware scanners you have tried, please?


 

 

Posted

Sorry, I can't remember. I downloaded a couple of things from the internet which had been given high scores by other users. However, every time I do a system restore, I go back to a point before I installed them and I've now forgotten which ones they were.

 

I'm happy to try any which can be recommended.

 

Richard

Posted

I've now run a full scan with Malwarebytes which seems to be recommended here. It reported no malware.

 

However, I have now remembered that when I installed AVG, my browser window was changed to Snap.do. I immediately changed back to my usual Yahoo and deleted Snap.do. Having now searched for Snap.do, I have found a lot of warnings about this. Online PC Savior says "If your computer is infected with Snap.do, your computer will slow down and run weirdly; your system settings and other registry entries will be changed, and even your some important files will be deleted. More seriously, Snap.do can cause a complete computer crash if you find it but don’t remove it immediately and completely."

 

It also suggests that normal removal doesn't clear up the problems and that manual removal is required, by the following :

 

-Step 1: Boot your computer into safe mode with networking.

To perform this procedure, please restart your computer -> As your computer restarts but before Windows launches, tap the “F8” key constantly. -> Use the arrow keys to highlight the “Safe Mode with Networking” option and then press ENTER. -> If you don’t get the Safe Mode with Networking option, please restart the computer again and keep tapping the “F8” key immediately.

 

-Step 2: You need to stop all the processes of Snap.do in Task Manager which can be found when you press CTRL+ALT+DELETE together.

[random name].exe of Qbyrd.com

 

-Step 3: Delete the following files created by Snap.do in local disk C partition of your hard drive:

%System%\drivers\[RANDOM CHRACTERS].SYS

%AppData%\[random].exe

C:\WINDOWS\system32\[random].exe

%SYSTEMDRIVE%\[random]

%systemroot%\System32\config\[random].dll

 

-Step 4: Open your Registry Editor program by navigating to Start Menu, type in regedit, and then click OK. When you have been in Registry Editor, please delete the following registry entries associated with Snap.do:

HKLM\SOFTTWARE\Microsoft\Internet Explorer\MAIN,Local Page=[random]

HKCU\Software\Microsoft\Windows\CurrentVersion\INTERNET SETTING:”PROXYeNAVLE”=0

HIKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[random]

HKCU\software\Microspft\Internet Explorer\Toolbar,LinksFolderName=[random]

HKEY_CLASSES_ROOT\CLSID\[random]NT\CurrentVersion\Image File Execution

 

I'd appreciate it if anybody has any advice on this.

 

Thanks

Richard Wright

Posted
Hi Richard, I am going to move your posts to the malware removal forum, so one of the security guys can advise.


 

 

Posted

@ Armageddon

Thanks for the help you have given so far and thanks for moving this thread.

 

Hi Richard

 

Let's see what we can do here:

 

Step 1

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

 

 

Step 2

  • Download OTL to your desktop.
    If using Firefox, right-click on the link and select 'Save Link/Target As'.
     
    If you have problems, try this download link:
    OTL
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


Now copy the lines in bold below.

 

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

 

  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
  • Click the Run Scan button.
     
     
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

 

In your next reply, please submit:

AdwCleaner report

both reports from OTL.

 

Thanks

Member of:

UNITE

Posted

Hi Starbuck

Thanks for the advice. I have followed the instructions and the resultant logs are posted below.

I was relieved that after running AdwCleaner, when the computer booted up again it actually seemed OK and did not take me to the Safe Mode screen yet again. That has to be progress!

Richard

 

Log for AdwCleaner follows. I had a message saying that the text was too long, so I'll send the others in another post.

 


Posted

This is the OTL log :

 


FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/15 03:59:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2012/10/15 04:00:20 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [intense Registry Service] C:\Windows\SysWow64\intedreg.exe ()

O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" File not found

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found

O4 - HKLM..\Run: [serviceManager.exe] C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Virgin Media Security] C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308.1\RPS.exe (Virgin Media)

O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)

O4 - HKCU..\Run: [iLO_Office_Manager] C:\Windows\SysWow64\intedreg.exe ()

O4 - Startup: C:\Users\Richard Wright-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: jelitto.com ([www] https in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{626CEE5A-865E-43E7-9E23-D88B7F3BF44E}: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9E8931E-65DF-4922-9DEB-66D19E254890}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE

O33 - MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE

O33 - MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/10/15 18:33:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Richard Wright-\Desktop\OTL.scr

[2012/10/15 07:22:37 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\Malwarebytes

[2012/10/15 07:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/10/15 07:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/10/15 07:22:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/10/15 07:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/10/15 07:21:13 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Richard Wright-\Desktop\mbam-setup-1.65.0.1400.exe

[2012/10/15 06:55:41 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys

[2012/10/14 18:04:39 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Local\VS Revo Group

[2012/10/14 18:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2012/10/14 18:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012/10/14 15:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft

[2012/10/14 10:55:29 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\Documents\Backups

[2012/10/14 08:12:20 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\Documents\My Palettes

[2012/10/13 13:14:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/10/13 12:51:07 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerTools Lite 2011

[2012/10/13 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerTools Lite 2011

[2012/10/13 12:24:01 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\{{userdatapath.company}}

[2012/10/13 08:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/10/12 06:42:32 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\TuneUp Software

[2012/10/12 06:41:55 | 000,000,000 | -H-D | C] -- C:\$AVG

[2012/10/12 06:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2012/10/12 06:39:20 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Local\MFAData

[2012/10/12 06:39:20 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Local\Avg2013

[2012/10/10 18:01:38 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/10/10 18:01:37 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/10/10 18:01:37 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/10/10 18:01:19 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012/10/10 18:01:19 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012/10/10 18:01:19 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012/10/10 18:01:18 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012/10/10 18:01:18 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012/10/10 18:01:18 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012/10/10 18:01:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012/10/10 18:01:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012/10/10 18:01:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012/10/10 18:01:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012/10/10 18:01:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012/10/10 18:01:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012/10/10 18:01:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012/10/10 18:01:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012/10/10 18:01:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012/10/10 18:01:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/10/10 18:01:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012/10/10 18:01:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/10/10 18:01:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012/10/10 18:01:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012/10/10 18:01:02 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/10/10 18:00:29 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/10/10 18:00:29 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012/10/10 05:50:28 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\SpeedyPC Software

[2012/10/10 05:50:28 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\DriverCure

[2012/10/10 05:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software

[2012/10/09 16:28:08 | 009,575,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/09/26 06:56:00 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe

[2012/09/22 15:25:56 | 000,000,000 | -HSD | C] -- C:\found.000

[2012/09/22 09:23:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/09/22 09:23:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/09/22 09:23:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/09/22 09:23:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/09/22 09:23:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/09/22 09:23:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/09/22 09:23:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/09/22 09:23:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/09/22 09:23:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/09/22 09:23:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/09/22 09:23:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/09/22 09:23:26 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/09/22 09:23:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/09/22 09:23:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/09/22 09:23:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/09/22 09:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2012/09/21 10:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2012/09/21 10:10:08 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\Leadertech

[2012/09/21 10:09:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd

[2012/09/21 10:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd

[2012/09/21 10:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2012/09/21 10:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd

[2012/09/21 10:07:30 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\Logitech

[2012/09/21 10:07:30 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\Logishrd

[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/10/15 18:33:48 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/10/15 18:33:48 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/10/15 18:33:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Wright-\Desktop\OTL.scr

[2012/10/15 18:28:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/10/15 18:25:32 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Richard Wright-.job

[2012/10/15 18:25:30 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/10/15 18:25:29 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job

[2012/10/15 18:25:12 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Richard Wright-.job

[2012/10/15 18:25:12 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Richard Wright-.job

[2012/10/15 18:25:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/10/15 18:24:46 | 3146,379,264 | -HS- | M] () -- C:\hiberfil.sys

[2012/10/15 18:18:16 | 000,538,941 | ---- | M] () -- C:\Users\Richard Wright-\Desktop\AdwCleaner.exe

[2012/10/15 18:00:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job

[2012/10/15 17:53:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/10/15 10:40:13 | 000,861,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/10/15 10:40:13 | 000,723,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/10/15 10:40:13 | 000,146,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/10/15 07:22:18 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/15 07:21:21 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Richard Wright-\Desktop\mbam-setup-1.65.0.1400.exe

[2012/10/15 06:55:42 | 000,001,103 | ---- | M] () -- C:\Users\Richard Wright-\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2012/10/15 06:55:42 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2012/10/15 06:53:15 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job

[2012/10/13 12:51:12 | 000,000,022 | -HS- | M] () -- C:\Users\Richard Wright-\AppData\Roaming\Sys2662.Config.Repository.bin

[2012/10/13 07:56:19 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat

[2012/10/10 15:42:19 | 000,000,484 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job

[2012/10/10 05:31:17 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRichard Wright-.job

[2012/10/09 16:28:23 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/10/09 16:28:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/10/09 16:28:08 | 009,575,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/10/07 17:26:07 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/09/22 09:27:38 | 000,625,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/09/20 10:09:55 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\ESDX4000_4050_CX3900.lnk

[2012/09/20 10:07:58 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk

[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/10/15 18:18:13 | 000,538,941 | ---- | C] () -- C:\Users\Richard Wright-\Desktop\AdwCleaner.exe

[2012/10/15 07:22:18 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/15 06:55:42 | 000,001,103 | ---- | C] () -- C:\Users\Richard Wright-\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2012/10/15 06:55:42 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2012/10/14 21:16:02 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Richard Wright-.job

[2012/10/14 21:16:00 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Richard Wright-.job

[2012/10/14 21:16:00 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Richard Wright-.job

[2012/10/13 12:51:12 | 000,000,022 | -HS- | C] () -- C:\Users\Richard Wright-\AppData\Roaming\Sys2662.Config.Repository.bin

[2012/10/13 07:56:19 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat

[2012/10/10 05:50:30 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job

[2012/10/10 05:50:23 | 000,000,536 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job

[2012/10/10 05:50:23 | 000,000,484 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job

[2012/10/10 05:50:22 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job

[2012/05/08 17:22:56 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat

[2011/11/08 13:28:02 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

[2011/11/07 20:27:25 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/11/07 15:09:17 | 001,537,536 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-hi.dll

[2011/11/07 14:27:39 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2011/11/07 14:27:39 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2011/11/07 14:27:39 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2011/11/07 14:27:39 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2011/11/07 14:27:39 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2011/11/07 14:27:39 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2011/11/07 14:27:39 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2011/11/07 14:27:39 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2011/11/07 14:27:39 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2011/11/07 14:27:39 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat

[2011/11/07 14:27:39 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2011/11/07 14:27:39 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2011/11/07 14:27:39 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2011/11/07 14:27:39 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2011/11/07 14:27:39 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2011/11/07 14:27:39 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat

[2011/11/07 14:27:39 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat

[2011/11/07 14:27:39 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2011/11/07 14:27:39 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2011/11/07 14:18:34 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4000DEFGIPS.ini

[2011/11/07 12:42:58 | 000,000,849 | ---- | C] () -- C:\Windows\VTruck1.ini

[2011/10/06 00:30:55 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

[2011/10/06 00:18:10 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/10/06 00:18:09 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/10/06 00:18:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/06/21 08:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

[2011/02/11 18:15:43 | 000,846,808 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

 

========== ZeroAccess Check ==========

 

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2012/06/15 16:07:23 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\Amazon

[2012/10/10 05:50:28 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\DriverCure

[2012/09/21 10:10:08 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\Leadertech

[2011/11/09 17:03:26 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\OpenOffice.org

[2012/10/15 17:47:14 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\Radialpoint

[2011/11/08 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\Serif

[2012/09/22 09:26:11 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\SoftGrid Client

[2012/10/10 05:50:28 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\SpeedyPC Software

[2011/11/07 12:39:20 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\TP

[2012/10/12 06:42:32 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\TuneUp Software

[2012/10/15 03:57:33 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\Virgin Media

[2011/11/16 08:32:17 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\WinBatch

[2011/11/08 11:49:16 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\ZinioReader4

[2011/11/08 11:52:00 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\_MDLogs

[2012/10/13 12:24:01 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\{{userdatapath.company}}

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2012/10/15 18:23:15 | 000,006,995 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2011/11/07 12:43:25 | 120,587,278 | ---- | M] () -- C:\back_up.reg

[2011/02/11 18:00:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2012/10/13 07:56:19 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat

[2012/10/15 18:24:46 | 3146,379,264 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/27 16:51:04 | 000,000,000 | ---- | M] () -- C:\log.txt

[2011/10/06 00:00:20 | 000,000,000 | RHS- | M] () -- C:\OS

[2012/10/15 18:24:53 | 4195,172,352 | -HS- | M] () -- C:\pagefile.sys

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[10 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

[10 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 

< %systemroot%\System32\config\*.sav >

 

< %PROGRAMFILES%\* >

[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/10/06 00:10:58 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/10/06 00:10:58 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/10/06 00:10:58 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/08/24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/08/24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/10/06 00:10:58 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/10/06 00:10:58 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/10/06 00:10:58 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/08/24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/08/24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 468 bytes -> C:\Users\Richard Wright-\Documents\Calendar 2012.ppp:�SummaryInformation

< End of report >

Posted

OTL log

 

OTL logfile created on: 10/15/2012 6:36:27 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Richard Wright-\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.91 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.12% Memory free

7.81 Gb Paging File | 6.06 Gb Available in Paging File | 77.51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 919.90 Gb Total Space | 387.46 Gb Free Space | 42.12% Space Free | Partition Type: NTFS

Drive D: | 11.52 Gb Total Space | 1.41 Gb Free Space | 12.24% Space Free | Partition Type: NTFS

Drive G: | 465.76 Gb Total Space | 228.51 Gb Free Space | 49.06% Space Free | Partition Type: NTFS

 

Computer Name: RICHARDWRIGHT- | User Name: Richard Wright- | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Richard Wright-\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308.1\RpsSecurityAwareR.exe (Virgin Media)

PRC - C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManagerComHandler.exe (Radialpoint SafeCare Inc.)

PRC - C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

PRC - C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)

PRC - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)

PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

PRC - C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)

PRC - C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)

PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()

PRC - C:\Windows\SysWOW64\softLCP.exe (EnTech Taiwan)

PRC - C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan)

PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ()

PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)

PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)

PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)

PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()

MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll ()

MOD - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()

MOD - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll ()

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found

SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (Radialpoint Security Services) -- C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308.1\RpsSecurityAwareR.exe (Virgin Media)

SRV - (ServicepointService) -- C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint SafeCare Inc.)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)

SRV - (dell_power_nap_service) -- C:\Program Files (x86)\Dell\PowerNap\PowerNap.Service.exe ()

SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)

SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

SRV - (HsdService) -- C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (softOSD) -- C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan)

SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

SRV - (WSWNA1100) -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ()

SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)

SRV - (jswpsapi) -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe (Atheros Communications, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)

DRV:64bit: - (tmwfp) -- C:\Windows\SysNative\drivers\tmwfp.sys (Trend Micro Inc.)

DRV:64bit: - (tmlwf) -- C:\Windows\SysNative\drivers\tmlwf.sys (Trend Micro Inc.)

DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)

DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)

DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)

DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.)

DRV:64bit: - (se64a) -- C:\Windows\SysNative\drivers\se64a.sys (EnTech Taiwan)

DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows ® Codename Longhorn DDK provider)

DRV - (RapportCerberus_43926) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys ()

DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)

DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (se64a) -- C:\Windows\SysWOW64\drivers\se64a.sys (EnTech Taiwan)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/2

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/2

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{91511582-590D-4A4F-B56E-9D45698D5FE6}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/2

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/2

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{91511582-590D-4A4F-B56E-9D45698D5FE6}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/2

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {643E391E-1CC5-4EC8-BAE5-3FD85D69D720}

IE - HKCU\..\SearchScopes\{643E391E-1CC5-4EC8-BAE5-3FD85D69D720}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8

IE - HKCU\..\SearchScopes\{91511582-590D-4A4F-B56E-9D45698D5FE6}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/15 03:59:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2012/10/15 04:00:20 | 000,000,000 | ---D | M]

 

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [intense Registry Service] C:\Windows\SysWow64\intedreg.exe ()

O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" File not found

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found

O4 - HKLM..\Run: [serviceManager.exe] C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Virgin Media Security] C:\Program Files (x86)\Virgin Media\Virgin Media Security\10.0.38.58308.1\RPS.exe (Virgin Media)

O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)

O4 - HKCU..\Run: [iLO_Office_Manager] C:\Windows\SysWow64\intedreg.exe ()

O4 - Startup: C:\Users\Richard Wright-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: jelitto.com ([www] https in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{626CEE5A-865E-43E7-9E23-D88B7F3BF44E}: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9E8931E-65DF-4922-9DEB-66D19E254890}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE

O33 - MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE

O33 - MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/10/15 18:33:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Richard Wright-\Desktop\OTL.scr

[2012/10/15 07:22:37 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\Malwarebytes

[2012/10/15 07:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/10/15 07:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/10/15 07:22:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/10/15 07:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/10/15 07:21:13 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Richard Wright-\Desktop\mbam-setup-1.65.0.1400.exe

[2012/10/15 06:55:41 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys

[2012/10/14 18:04:39 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Local\VS Revo Group

[2012/10/14 18:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2012/10/14 18:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012/10/14 15:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft

[2012/10/14 10:55:29 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\Documents\Backups

[2012/10/14 08:12:20 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\Documents\My Palettes

[2012/10/13 13:14:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/10/13 12:51:07 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerTools Lite 2011

[2012/10/13 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerTools Lite 2011

[2012/10/13 12:24:01 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\{{userdatapath.company}}

[2012/10/13 08:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/10/12 06:42:32 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\TuneUp Software

[2012/10/12 06:41:55 | 000,000,000 | -H-D | C] -- C:\$AVG

[2012/10/12 06:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2012/10/12 06:39:20 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Local\MFAData

[2012/10/12 06:39:20 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Local\Avg2013

[2012/10/10 18:01:38 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/10/10 18:01:37 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/10/10 18:01:37 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/10/10 18:01:19 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012/10/10 18:01:19 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012/10/10 18:01:19 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012/10/10 18:01:18 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012/10/10 18:01:18 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012/10/10 18:01:18 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012/10/10 18:01:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012/10/10 18:01:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012/10/10 18:01:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012/10/10 18:01:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012/10/10 18:01:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012/10/10 18:01:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012/10/10 18:01:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012/10/10 18:01:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012/10/10 18:01:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012/10/10 18:01:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/10/10 18:01:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012/10/10 18:01:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/10/10 18:01:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/10/10 18:01:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/10/10 18:01:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012/10/10 18:01:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012/10/10 18:01:02 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/10/10 18:00:29 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/10/10 18:00:29 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012/10/10 05:50:28 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\SpeedyPC Software

[2012/10/10 05:50:28 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\DriverCure

[2012/10/10 05:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software

[2012/10/09 16:28:08 | 009,575,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/09/26 06:56:00 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe

[2012/09/22 15:25:56 | 000,000,000 | -HSD | C] -- C:\found.000

[2012/09/22 09:23:29 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/09/22 09:23:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/09/22 09:23:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/09/22 09:23:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/09/22 09:23:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/09/22 09:23:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/09/22 09:23:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/09/22 09:23:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/09/22 09:23:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/09/22 09:23:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/09/22 09:23:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/09/22 09:23:26 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/09/22 09:23:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/09/22 09:23:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/09/22 09:23:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/09/22 09:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2012/09/21 10:21:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2012/09/21 10:10:08 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\Leadertech

[2012/09/21 10:09:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd

[2012/09/21 10:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd

[2012/09/21 10:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2012/09/21 10:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd

[2012/09/21 10:07:30 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\Logitech

[2012/09/21 10:07:30 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Roaming\Logishrd

[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/10/15 18:33:48 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/10/15 18:33:48 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/10/15 18:33:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Richard Wright-\Desktop\OTL.scr

[2012/10/15 18:28:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/10/15 18:25:32 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Richard Wright-.job

[2012/10/15 18:25:30 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/10/15 18:25:29 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job

[2012/10/15 18:25:12 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Richard Wright-.job

[2012/10/15 18:25:12 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Richard Wright-.job

[2012/10/15 18:25:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/10/15 18:24:46 | 3146,379,264 | -HS- | M] () -- C:\hiberfil.sys

[2012/10/15 18:18:16 | 000,538,941 | ---- | M] () -- C:\Users\Richard Wright-\Desktop\AdwCleaner.exe

[2012/10/15 18:00:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job

[2012/10/15 17:53:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/10/15 10:40:13 | 000,861,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/10/15 10:40:13 | 000,723,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/10/15 10:40:13 | 000,146,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/10/15 07:22:18 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/15 07:21:21 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Richard Wright-\Desktop\mbam-setup-1.65.0.1400.exe

[2012/10/15 06:55:42 | 000,001,103 | ---- | M] () -- C:\Users\Richard Wright-\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2012/10/15 06:55:42 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2012/10/15 06:53:15 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job

[2012/10/13 12:51:12 | 000,000,022 | -HS- | M] () -- C:\Users\Richard Wright-\AppData\Roaming\Sys2662.Config.Repository.bin

[2012/10/13 07:56:19 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat

[2012/10/10 15:42:19 | 000,000,484 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job

[2012/10/10 05:31:17 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRichard Wright-.job

[2012/10/09 16:28:23 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/10/09 16:28:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/10/09 16:28:08 | 009,575,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/10/07 17:26:07 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/09/22 09:27:38 | 000,625,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/09/20 10:09:55 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\ESDX4000_4050_CX3900.lnk

[2012/09/20 10:07:58 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk

[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/10/15 18:18:13 | 000,538,941 | ---- | C] () -- C:\Users\Richard Wright-\Desktop\AdwCleaner.exe

[2012/10/15 07:22:18 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/10/15 06:55:42 | 000,001,103 | ---- | C] () -- C:\Users\Richard Wright-\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2012/10/15 06:55:42 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2012/10/14 21:16:02 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Richard Wright-.job

[2012/10/14 21:16:00 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Richard Wright-.job

[2012/10/14 21:16:00 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Richard Wright-.job

[2012/10/13 12:51:12 | 000,000,022 | -HS- | C] () -- C:\Users\Richard Wright-\AppData\Roaming\Sys2662.Config.Repository.bin

[2012/10/13 07:56:19 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat

[2012/10/10 05:50:30 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job

[2012/10/10 05:50:23 | 000,000,536 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job

[2012/10/10 05:50:23 | 000,000,484 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job

[2012/10/10 05:50:22 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job

[2012/05/08 17:22:56 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat

[2011/11/08 13:28:02 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

[2011/11/07 20:27:25 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

[2011/11/07 15:09:17 | 001,537,536 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-hi.dll

[2011/11/07 14:27:39 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2011/11/07 14:27:39 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2011/11/07 14:27:39 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2011/11/07 14:27:39 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2011/11/07 14:27:39 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2011/11/07 14:27:39 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2011/11/07 14:27:39 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2011/11/07 14:27:39 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2011/11/07 14:27:39 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2011/11/07 14:27:39 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat

[2011/11/07 14:27:39 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2011/11/07 14:27:39 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2011/11/07 14:27:39 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2011/11/07 14:27:39 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2011/11/07 14:27:39 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2011/11/07 14:27:39 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat

[2011/11/07 14:27:39 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat

[2011/11/07 14:27:39 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2011/11/07 14:27:39 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2011/11/07 14:18:34 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4000DEFGIPS.ini

[2011/11/07 12:42:58 | 000,000,849 | ---- | C] () -- C:\Windows\VTruck1.ini

[2011/10/06 00:30:55 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

[2011/10/06 00:18:10 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/10/06 00:18:09 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/10/06 00:18:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/06/21 08:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

[2011/02/11 18:15:43 | 000,846,808 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

 

========== ZeroAccess Check ==========

 

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2012/06/15 16:07:23 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\Amazon

[2012/10/10 05:50:28 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\DriverCure

[2012/09/21 10:10:08 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\Leadertech

[2011/11/09 17:03:26 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\OpenOffice.org

[2012/10/15 17:47:14 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\Radialpoint

[2011/11/08 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\Serif

[2012/09/22 09:26:11 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\SoftGrid Client

[2012/10/10 05:50:28 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\SpeedyPC Software

[2011/11/07 12:39:20 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\TP

[2012/10/12 06:42:32 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\TuneUp Software

[2012/10/15 03:57:33 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\Virgin Media

[2011/11/16 08:32:17 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\WinBatch

[2011/11/08 11:49:16 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\ZinioReader4

[2011/11/08 11:52:00 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\_MDLogs

[2012/10/13 12:24:01 | 000,000,000 | ---D | M] -- C:\Users\Richard Wright-\AppData\Roaming\{{userdatapath.company}}

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2012/10/15 18:23:15 | 000,006,995 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2011/11/07 12:43:25 | 120,587,278 | ---- | M] () -- C:\back_up.reg

[2011/02/11 18:00:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2012/10/13 07:56:19 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat

[2012/10/15 18:24:46 | 3146,379,264 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/27 16:51:04 | 000,000,000 | ---- | M] () -- C:\log.txt

[2011/10/06 00:00:20 | 000,000,000 | RHS- | M] () -- C:\OS

[2012/10/15 18:24:53 | 4195,172,352 | -HS- | M] () -- C:\pagefile.sys

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[10 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

[10 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 

< %systemroot%\System32\config\*.sav >

 

< %PROGRAMFILES%\* >

[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/10/06 00:10:58 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/10/06 00:10:58 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/10/06 00:10:58 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/08/24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/08/24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/10/06 00:10:58 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/10/06 00:10:58 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/10/06 00:10:58 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/08/24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/08/24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 468 bytes -> C:\Users\Richard Wright-\Documents\Calendar 2012.ppp:�SummaryInformation

< End of report >

Posted

OTL Extras

 

OTL Extras logfile created on: 10/15/2012 6:36:27 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Richard Wright-\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.91 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 59.12% Memory free

7.81 Gb Paging File | 6.06 Gb Available in Paging File | 77.51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 919.90 Gb Total Space | 387.46 Gb Free Space | 42.12% Space Free | Partition Type: NTFS

Drive D: | 11.52 Gb Total Space | 1.41 Gb Free Space | 12.24% Space Free | Partition Type: NTFS

Drive G: | 465.76 Gb Total Space | 228.51 Gb Free Space | 49.06% Space Free | Partition Type: NTFS

 

Computer Name: RICHARDWRIGHT- | User Name: Richard Wright- | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1472CD4A-1C3D-4C37-9E68-9D49139B340C}" = rport=10243 | protocol=6 | dir=out | app=system |

"{158061C3-3079-4F1D-B54F-7DCAE0D32CBB}" = rport=139 | protocol=6 | dir=out | app=system |

"{1FB79CED-E58B-4A66-9D59-419CDA8113DF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{371F9252-A6F4-4862-8CED-DACF8C799768}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4CFFA896-8DED-40FC-8921-BB77F0CFCC12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5560131F-4721-4B82-9DAB-E875A7D797A4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5E9A39E9-69E1-4B07-923F-0CECA28ADC0F}" = lport=139 | protocol=6 | dir=in | app=system |

"{6749A15F-C28B-4BAE-BA13-954CA379984F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{6D5353C8-196D-4749-8AC9-4FC9A95BD48B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7B2A716A-E5D1-40CC-B1E5-CFB5EDA31C46}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{803D7ACB-BA48-4E21-8260-ACC0735DAD84}" = rport=137 | protocol=17 | dir=out | app=system |

"{85846AEF-8574-4461-B468-A082A6ECF7B8}" = rport=445 | protocol=6 | dir=out | app=system |

"{8CE90537-749E-476D-A10C-75316B0A68B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{A5A40EDD-85D5-4A04-82B7-99FBD5F679C7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{AD69F0DD-A52C-4124-AB44-D5C7F6ABD61A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{B337DF90-EBDE-4563-8D39-FD5D8DDCA0D9}" = lport=10243 | protocol=6 | dir=in | app=system |

"{B4C17FF5-95DE-4DC5-AD17-700BB12E9A95}" = lport=137 | protocol=17 | dir=in | app=system |

"{B4EB25E3-BE98-4B1D-AA02-4FC100193CB6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CC957629-7CCE-4B3A-B9DA-95CCD87020C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CDDD1BAA-70A3-4F67-828D-541D0F5E307F}" = lport=445 | protocol=6 | dir=in | app=system |

"{EFB05186-CBAF-4D52-BA83-5AFB978119D0}" = lport=138 | protocol=17 | dir=in | app=system |

"{FE3BC748-08E6-46C2-BB69-D7702297D5D0}" = rport=138 | protocol=17 | dir=out | app=system |

"{FF59AE8A-B17C-470E-AC84-751575947761}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00A17097-BFE3-4B13-A81F-A9581F96410F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{02B8B48F-8C77-4DEA-AD92-5FCCB4829693}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{04B8EF82-FD91-49C0-81E3-E5CCD637285F}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |

"{10862D96-2273-4CBA-869A-84B5FAECF7D2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1A079341-6243-491E-A299-D4F4B051600E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{260D6214-5971-40C5-843B-48CC64C32DB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{28B9066D-3ECB-43A8-AC94-780ACD714244}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{29D1D8B1-6AD0-4C84-A8EA-2A0E2EA10E63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{2F0496BD-58F0-4F89-AD7F-5D4223D88BF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3015DA04-E6B9-4AD2-B672-59EBD86A7B21}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{32AF2CD3-BB94-4322-A344-7F63D60C2AFF}" = protocol=6 | dir=in | app=c:\program files (x86)\virgin media\service manager\servicepointservice.exe |

"{34D81B3D-8CBD-4A32-BFB2-F9CF6BE913AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{48AF0B26-43FC-43DF-A7CD-8ECAA9053C2E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{48B30F9C-E570-41C9-BD12-5A30ED4FCDC8}" = protocol=17 | dir=in | app=c:\program files (x86)\virgin media\service manager\servicepointservice.exe |

"{5C29CFEA-238F-44FF-A0CD-447D3CCE2691}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{5ED9EAB4-B6E5-4334-9C26-3D039EBEF28E}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |

"{6AF0116F-83E9-42C1-ACF6-70C96FAAC909}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{746C38F0-AAA7-4EF0-979D-0D9EFA2F6414}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{7B7EAF0B-4564-453D-B93C-B92AE808E8E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7B91735F-CD71-40FB-BE09-AFF58D10A1DC}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |

"{7F50833A-95A3-4666-B443-38ACA2F00075}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{8F7F3B79-E7C1-4AC0-A03D-238554B799A3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{9FE73C68-4B64-4A96-ADA6-C593D26BDE7F}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |

"{A52A84F2-EEB5-4171-B0EE-E3491E641144}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{B0F949B4-50B1-413E-BBBB-143EA2EC0793}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{C2F380B1-ED3C-4804-B09F-03016E994B63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{C824605A-08E5-4F5D-A9AD-F682A2C9E9AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CB8AA555-B3E1-49BC-8E9D-E6FF75AC0C56}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{D0467ACF-EB92-416F-8C00-1828168E2303}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E7E6540D-7745-43F3-A402-4DCB64CE887C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EFDAFA30-BB6F-4363-BA0B-F43B0DAA5372}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F3EBCFA1-477B-40A3-BD08-EE36E10DE0F5}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |

"{F8F961B6-0819-4F0C-B9B8-28313B317294}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |

"{FF9ECFC7-0F3F-40E5-9898-9B6588629C59}" = protocol=6 | dir=out | app=system |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client

"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Virgin Media Security

"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Virgin Media Security

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C40D6727-57FE-4671-B51A-69B0F21F44B5}" = Microsoft SQL Server Management Studio Express

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"EPSON Printer and Utilities" = EPSON Printer Software

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension

"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Home & Student Suite X5

"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Home & Student Suite X5 - Extra Content

"{031340C8-1733-40FE-BF52-83B599021BA9}" = CorelDRAW Graphics Suite X5 - IPM HSE

"{044D89B2-58B5-4B61-8C63-4A1AC4081A5C}" = Virgin Media Security

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 35

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{2DC240EA-51B1-4CC4-A0E5-4E4399CD7302}" = Serif PagePlus X4

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{356658C7-8C60-4A43-AF50-75CA8E642934}" = CorelDRAW Graphics Suite X5 - CZ

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{48C503D7-15A0-414A-B32E-0EFFA13B68E2}" = CorelDRAW Home & Student Suite X5

"{49DA4ABC-9A0C-4114-9338-F840D0CB7B57}" = Virgin Media Security

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information

"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP

"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader

"{922A8108-6233-4AD6-AFBB-6404D8FA80AF}" = PowerNap

"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{938C2383-A692-4D2C-AE45-024F91EF7B1D}" = CorelDRAW Graphics Suite X5 - PL

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Resources

"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}" = OpenOffice.org 3.4.1

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT

"{A254420E-382B-4B53-A724-10A746AE9E79}" = Community Analysis Package 4

"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 N150 Wireless USB Adapter

"{A30965BD-2D4D-45CE-8F04-6A6889818CF1}" = Microsoft SQL Server 2005 Tools

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93EC091-461F-46EE-BAE1-327EB608AA60}" = Serif PagePlus X4 Resources

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print

"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CA12DA1D-25DD-4495-92D5-B1DE65D43C77}" = CorelDRAW Graphics Suite X5 - RU

"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common

"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Home & Student Suite X5 - Extra Content

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin

"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp

"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT

"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9

"Community Analysis Package 4" = Community Analysis Package 4

"EasyBits Magic Desktop" = Magic Desktop

"EPSON Scanner" = EPSON Scan

"ESDX4000_4050_CX3900" = ESDX4000_4050_CX3900

"Gadwin PrintScreen" = Gadwin PrintScreen

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"Intense Language Office" = Intense Language Office

"Kobo" = Kobo

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400

"Maps for NBN V2" = Maps for NBN V2

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Opus Creator 7" = Opus Creator 7

"PDF Complete" = PDF Complete Special Edition

"RadialpointClientGateway_is1" = Virgin Media Service Manager 4.1.16

"RadialpointHomeSecurityDashboard_is1" = Virgin Media Digital Home Support 2.1.27

"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.23

"Rapport_msi" = Rapport

"RealPlayer 15.0" = RealPlayer

"Recorder Uninstaller" = Recorder (remove only)

"softOSD Client" = softOSD Client (Build 1445)

"ST5UNST #1" = MapMate

"VLC media player" = VLC media player 1.0.1

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"WTA-01c7b59f-d53e-44e2-b327-7d9ebf55ebc4" = Blasterball 3

"WTA-0ca9deab-bfe4-4bb1-8398-19349df97ef8" = Cake Mania

"WTA-4d6f2cc1-1cd0-4194-ae03-5029a0475fa9" = Cradle of Rome 2

"WTA-57a5f3c8-82df-4355-aaff-d02d8509821d" = Zuma Deluxe

"WTA-58159f29-d61c-421a-8332-29f7318f4d28" = Polar Bowler

"WTA-583a25bc-1114-43bb-a620-fac43aaf864b" = Plants vs. Zombies - Game of the Year

"WTA-5ab36016-fd69-45f1-9eea-6b2909221aad" = Jewel Quest: The Sleepless Star - Collector's Edition

"WTA-5cb66b35-9887-4613-9add-1b35db1ac850" = Penguins!

"WTA-6223c200-ae74-4f92-80ef-296cc06cfc77" = Chuzzle Deluxe

"WTA-64265427-78e6-4e46-bd74-515fb874bf4c" = Agatha Christie - Peril at End House

"WTA-7327c917-9330-4296-ae96-802ee3e12645" = Governor of Poker 2 Premium Edition

"WTA-84f03c90-0a12-4521-b25c-0fee246cd111" = Mystery of Mortlake Mansion

"WTA-971031e4-f374-4379-804e-95e5d40d76d1" = Chronicles of Albian

"WTA-9b29dbc6-d41e-4ed2-b041-7c6e83e9c892" = Farm Frenzy

"WTA-a042dfd6-c27f-4c39-add7-c74085dd676f" = Jewel Quest Solitaire

"WTA-b644daaa-8d8a-493c-afa5-2f8679494e45" = Virtual Villagers - The Secret City

"WTA-badf7d7d-6936-4569-907e-80059ec52a97" = Bejeweled 3

"WTA-ce525f89-0e53-4fd6-983a-658686a2ea20" = Bounce Symphony

"WTA-d5410cf1-b751-4ee5-be54-79ad67dd9388" = Mah Jong Medley

"WTA-dad3ddbd-f0d8-4e75-9bd8-ca846c46256a" = Slingo Deluxe

"WTA-e0c06f57-8cab-4bd6-b29c-f145e030b94d" = Vacation Quest - The Hawaiian Islands

"WTA-e7e06d3e-6d76-4032-a306-d8805ecb11f6" = FATE

"WTA-eec47bf8-4325-451d-8b5b-880e040a0c37" = Namco All-Stars: PAC-MAN

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Mail" = Yahoo! Internet Mail

"Yahoo! Mail Advisor" = Yahoo! Mail Advisor

"Yahoo! Software Update" = Yahoo! Software Update

"YInstHelper" = Yahoo! Install Manager

"ZinioReader4" = Zinio Reader 4

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 10/15/2012 8:25:28 AM | Computer Name = RichardWright- | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16450,

time stamp: 0x503723f6 Faulting module name: ntdll.dll, version: 6.1.7601.17725,

time stamp: 0x4ec49b8f Exception code: 0xc000041d Fault offset: 0x0002e066 Faulting

process id: 0x1610 Faulting application start time: 0x01cdaa9d026dde11 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\ntdll.dll Report Id: 671a5df4-16c3-11e2-b49b-3cd92b6292cf

 

Error - 10/15/2012 9:00:06 AM | Computer Name = RichardWright- | Source = Application Error | ID = 1000

Description = Faulting application name: SecurityAdvisorLogic.exe, version: 2.5.23.61226,

time stamp: 0x501c3aa0 Faulting module name: WinTrust.dll, version: 6.1.7601.17940,

time stamp: 0x5037b19b Exception code: 0xc0000005 Fault offset: 0x0000c106 Faulting

process id: 0x2758 Faulting application start time: 0x01cdaad4f1ba09ca Faulting application

path: C:\Program Files (x86)\Virgin Media\Security Advisor\SecurityAdvisorLogic.exe

Faulting

module path: C:\Windows\syswow64\WinTrust.dll Report Id: 3d330ec1-16c8-11e2-b49b-3cd92b6292cf

 

Error - 10/15/2012 9:31:06 AM | Computer Name = RichardWright- | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16450,

time stamp: 0x503723f6 Faulting module name: ntdll.dll, version: 6.1.7601.17725,

time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002e066 Faulting

process id: 0x1e98 Faulting application start time: 0x01cdaa9abece406b Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\ntdll.dll Report Id: 91df8953-16cc-11e2-b49b-3cd92b6292cf

 

Error - 10/15/2012 9:31:20 AM | Computer Name = RichardWright- | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16450,

time stamp: 0x503723f6 Faulting module name: ntdll.dll, version: 6.1.7601.17725,

time stamp: 0x4ec49b8f Exception code: 0xc000041d Fault offset: 0x0002e066 Faulting

process id: 0x1e98 Faulting application start time: 0x01cdaa9abece406b Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Windows\SysWOW64\ntdll.dll Report Id: 9a534c2c-16cc-11e2-b49b-3cd92b6292cf

 

Error - 10/15/2012 10:00:08 AM | Computer Name = RichardWright- | Source = Application Error | ID = 1000

Description = Faulting application name: SecurityAdvisorLogic.exe, version: 2.5.23.61226,

time stamp: 0x501c3aa0 Faulting module name: WinTrust.dll, version: 6.1.7601.17940,

time stamp: 0x5037b19b Exception code: 0xc0000005 Fault offset: 0x0000c106 Faulting

process id: 0xa14 Faulting application start time: 0x01cdaadd536e5b89 Faulting application

path: C:\Program Files (x86)\Virgin Media\Security Advisor\SecurityAdvisorLogic.exe

Faulting

module path: C:\Windows\syswow64\WinTrust.dll Report Id: a08e3089-16d0-11e2-b49b-3cd92b6292cf

 

Error - 10/15/2012 11:00:14 AM | Computer Name = RichardWright- | Source = Application Error | ID = 1000

Description = Faulting application name: SecurityAdvisorLogic.exe, version: 2.5.23.61226,

time stamp: 0x501c3aa0 Faulting module name: WinTrust.dll, version: 6.1.7601.17940,

time stamp: 0x5037b19b Exception code: 0xc0000005 Fault offset: 0x0000c106 Faulting

process id: 0x1cb0 Faulting application start time: 0x01cdaae5b53309e6 Faulting application

path: C:\Program Files (x86)\Virgin Media\Security Advisor\SecurityAdvisorLogic.exe

Faulting

module path: C:\Windows\syswow64\WinTrust.dll Report Id: 05b175f0-16d9-11e2-b49b-3cd92b6292cf

 

Error - 10/15/2012 12:00:08 PM | Computer Name = RichardWright- | Source = Application Error | ID = 1000

Description = Faulting application name: SecurityAdvisorLogic.exe, version: 2.5.23.61226,

time stamp: 0x501c3aa0 Faulting module name: WinTrust.dll, version: 6.1.7601.17940,

time stamp: 0x5037b19b Exception code: 0xc0000005 Fault offset: 0x0000c106 Faulting

process id: 0x1a3c Faulting application start time: 0x01cdaaee170254d5 Faulting application

path: C:\Program Files (x86)\Virgin Media\Security Advisor\SecurityAdvisorLogic.exe

Faulting

module path: C:\Windows\syswow64\WinTrust.dll Report Id: 64031c14-16e1-11e2-b49b-3cd92b6292cf

 

Error - 10/15/2012 1:00:02 PM | Computer Name = RichardWright- | Source = Application Error | ID = 1000

Description = Faulting application name: SecurityAdvisorLogic.exe, version: 2.5.23.61226,

time stamp: 0x501c3aa0 Faulting module name: WinTrust.dll, version: 6.1.7601.17940,

time stamp: 0x5037b19b Exception code: 0xc0000005 Fault offset: 0x0000c106 Faulting

process id: 0x243c Faulting application start time: 0x01cdaaf678eba6ea Faulting application

path: C:\Program Files (x86)\Virgin Media\Security Advisor\SecurityAdvisorLogic.exe

Faulting

module path: C:\Windows\syswow64\WinTrust.dll Report Id: c24885d3-16e9-11e2-b49b-3cd92b6292cf

 

Error - 10/15/2012 1:28:42 PM | Computer Name = RichardWright- | Source = Application Error | ID = 1000

Description = Faulting application name: SecurityAdvisorLogic.exe, version: 2.5.23.61226,

time stamp: 0x501c3aa0 Faulting module name: WinTrust.dll, version: 6.1.7601.17940,

time stamp: 0x5037b19b Exception code: 0xc0000005 Fault offset: 0x0000c106 Faulting

process id: 0x1b18 Faulting application start time: 0x01cdaafa498181de Faulting application

path: C:\Program Files (x86)\Virgin Media\Security Advisor\SecurityAdvisorLogic.exe

Faulting

module path: C:\Windows\syswow64\WinTrust.dll Report Id: c37f8b50-16ed-11e2-b49f-3cd92b6292cf

 

Error - 10/15/2012 1:29:34 PM | Computer Name = RichardWright- | Source = CVHSVC | ID = 100

Description = Information only. Too many failures while downloading ranges: 2

 

Error - 10/15/2012 1:32:58 PM | Computer Name = RichardWright- | Source = CVHSVC | ID = 100

Description = Information only. (Stream product id=0x0066): Streaming Failed

 

[ Hewlett-Packard Events ]

Error - 5/22/2012 8:44:04 AM | Computer Name = RichardWright- | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 80 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

 

Error - 5/22/2012 8:44:04 AM | Computer Name = RichardWright- | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 80 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

 

Error - 5/29/2012 12:56:58 PM | Computer Name = RichardWright- | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:

Object '/f0329a97_5616_48db_a172_d080f4ea4a82/jbqcbyo+uqmg+7_pbk33n2vy_5.rem' has

been disconnected or does not exist at the server. Name: hpsa_service.exe Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 4000 Ram Utilization: 40 TargetSite: Void UpdateDetail(System.String)

 

Error - 5/29/2012 12:57:27 PM | Computer Name = RichardWright- | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

 

Error - 5/29/2012 12:57:27 PM | Computer Name = RichardWright- | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

 

Error - 6/5/2012 8:19:56 AM | Computer Name = RichardWright- | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

 

Error - 6/5/2012 8:19:56 AM | Computer Name = RichardWright- | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

 

Error - 7/29/2012 6:19:16 AM | Computer Name = RichardWright- | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:

Object '/abd9e027_a185_4251_ab16_68c070a85f7a/iucxw+tq513irpqukbrl41li_5.rem' has

been disconnected or does not exist at the server. Name: hpsa_service.exe Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 4000 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String)

 

Error - 8/7/2012 8:04:27 AM | Computer Name = RichardWright- | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0] Message: The server did not provide a meaningful

reply; this might be caused by a contract mismatch, a premature session shutdown

or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 4000 Ram Utilization: 30 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage)

 

Error - 8/14/2012 1:13:34 PM | Computer Name = RichardWright- | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:

Object '/ee5d03e5_f163_4bfc_9fe4_23289a39738d/_xnvcsfyuloxqehqpyastl2o_5.rem' has

been disconnected or does not exist at the server. Name: hpsa_service.exe Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 4000 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String)

 

[ System Events ]

Error - 10/14/2012 10:25:32 AM | Computer Name = RichardWright- | Source = Microsoft-Windows-Kernel-General | ID = 5

Description =

 

Error - 10/14/2012 10:26:21 AM | Computer Name = RichardWright- | Source = Microsoft-Windows-Kernel-General | ID = 5

Description =

 

Error - 10/14/2012 10:26:28 AM | Computer Name = RichardWright- | Source = Microsoft-Windows-Kernel-General | ID = 5

Description =

 

Error - 10/14/2012 10:28:04 AM | Computer Name = RichardWright- | Source = Service Control Manager | ID = 7024

Description = The Windows Search service terminated with service-specific error

%%-1073473535.

 

Error - 10/14/2012 10:28:04 AM | Computer Name = RichardWright- | Source = Service Control Manager | ID = 7031

Description = The Windows Search service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 30000 milliseconds:

Restart the service.

 

Error - 10/14/2012 10:32:56 AM | Computer Name = RichardWright- | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition

1.137.1642.0).

 

Error - 10/14/2012 2:01:52 PM | Computer Name = RichardWright- | Source = Microsoft-Windows-Kernel-General | ID = 5

Description =

 

Error - 10/14/2012 2:01:56 PM | Computer Name = RichardWright- | Source = Microsoft-Windows-Kernel-General | ID = 5

Description =

 

Error - 10/14/2012 2:06:28 PM | Computer Name = RichardWright- | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition

1.137.1642.0).

 

Error - 10/15/2012 1:24:55 PM | Computer Name = RichardWright- | Source = Microsoft-Windows-Kernel-General | ID = 5

Description =

 

 

< End of report >

Posted

Hi Richard

 

AdwCleaner seems to have done a good job.

Let's tidy up some other entries in the OTL report and then we'll see about getting your Java updated.

 

Step 1

Double click on OTL to run it.

Copy the lines in the codebox below (make sure that :Otl is on the first line).

:Otl
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O15 - HKCU\..Trusted Domains: jelitto.com ([www] https in Trusted sites)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
[2012/10/12 06:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/10/12 06:39:20 | 000,000,000 | ---D | C] -- C:\Users\Richard Wright-\AppData\Local\Avg2013

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 7 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 7".
  • Click the "Download JRE" button to the right.
  • Accept the license agreement.
  • Select 'Windows x64' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586-p.exe to install the newest version.

 

 

In your next reply, please submit:

OTL fix report

and let me know of any problems with the system now.

 

Thanks

Member of:

UNITE
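
The Java clean-up in Step 2 can be checked from PowerShell. This is an added example, not part of the original post: it reads the same Uninstall registry keys that the OTL report lists and marks every Java entry other than the update the post installs. The function name `Get-InstalledJava`, the `KeepPattern` parameter and its default are assumptions made for the illustration; run it from 64-bit PowerShell so the view labels are right.

```powershell
# Added example (not from the thread): list Java runtimes registered in the
# Uninstall keys and flag the ones that should be gone after Step 2.

# On 64-bit Windows, 32-bit Java registers under WOW6432Node, so check every view.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJava {
    param(
        [string[]]$Roots = $UninstallRoots,
        # Assumption: the display name of the version to keep contains this text
        # (the post installs Java 7 Update 7). Adjust for a different target.
        [string]$KeepPattern = '\b7 Update 7\b'
    )

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        $view = '64-bit'
        if ($root -like '*WOW6432Node*') { $view = '32-bit' }
        elseif ($root -like 'HKCU:*')    { $view = 'per-user' }

        Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue | ForEach-Object {
            $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue

            # Entries named "Java ..." or "J2SE ...", as the post describes.
            if ($props.DisplayName -match '^(Java|J2SE)\b') {
                $status = 'remove'
                if ($props.DisplayName -match $KeepPattern) { $status = 'keep' }

                [pscustomobject]@{
                    Status          = $status
                    Name            = $props.DisplayName
                    Version         = $props.DisplayVersion
                    View            = $view
                    Key             = $_.PSChildName
                    UninstallString = $props.UninstallString
                }
            }
        }
    }
}

# Run before uninstalling to see what is present, and again after the reboot:
# any row still marked 'remove' is a leftover older version.
Get-InstalledJava |
    Sort-Object Status, Name |
    Format-Table -AutoSize Status, Name, Version, View
```

The script only reads the registry; removal still goes through Add/Remove Programs as described in the post.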

Posted

Everything now seems fine. Thanks a lot. Wish I'd discovered this site on Friday as it would have saved me a wasted and frustrating weekend!

I'll be more than happy to make a donation.

It would be interesting if you could briefly explain in reasonably simple language what was actually wrong!

 

Many thanks

Richard

 

The log file follows:

 

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jswtrayutil deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jelitto.com\www\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\ not found.

File E:\SETUP.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\ not found.

File E:\SETUP.EXE not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be7886c9-efaf-11e0-bc13-806e6f6e6963}\ not found.

File E:\SETUP.EXE not found.

C:\ProgramData\AVG2013\SetupBackup folder moved successfully.

C:\ProgramData\AVG2013\lsdb\prev folder moved successfully.

C:\ProgramData\AVG2013\lsdb folder moved successfully.

C:\ProgramData\AVG2013\log folder moved successfully.

C:\ProgramData\AVG2013\IDS\quarantine folder moved successfully.

C:\ProgramData\AVG2013\IDS\profile folder moved successfully.

C:\ProgramData\AVG2013\IDS\outbox\9 folder moved successfully.

C:\ProgramData\AVG2013\IDS\outbox\8 folder moved successfully.

C:\ProgramData\AVG2013\IDS\outbox\7 folder moved successfully.

C:\ProgramData\AVG2013\IDS\outbox\6 folder moved successfully.

C:\ProgramData\AVG2013\IDS\outbox\5 folder moved successfully.

C:\ProgramData\AVG2013\IDS\outbox\4 folder moved successfully.

C:\ProgramData\AVG2013\IDS\outbox\3 folder moved successfully.

C:\ProgramData\AVG2013\IDS\outbox\2 folder moved successfully.

C:\ProgramData\AVG2013\IDS\outbox\1 folder moved successfully.

C:\ProgramData\AVG2013\IDS\outbox\0 folder moved successfully.

C:\ProgramData\AVG2013\IDS\outbox folder moved successfully.

C:\ProgramData\AVG2013\IDS\malwareprofile folder moved successfully.

C:\ProgramData\AVG2013\IDS\config folder moved successfully.

C:\ProgramData\AVG2013\IDS folder moved successfully.

C:\ProgramData\AVG2013\DB folder moved successfully.

C:\ProgramData\AVG2013\Chjw\9aa4af50a4af2e27 folder moved successfully.

C:\ProgramData\AVG2013\Chjw\8c1a69f81a69e026 folder moved successfully.

C:\ProgramData\AVG2013\Chjw\564e91124e90ebcd folder moved successfully.

C:\ProgramData\AVG2013\Chjw folder moved successfully.

C:\ProgramData\AVG2013\avi folder moved successfully.

C:\ProgramData\AVG2013\Antispam folder moved successfully.

C:\ProgramData\AVG2013\admincli folder moved successfully.

C:\ProgramData\AVG2013 folder moved successfully.

C:\Users\Richard Wright-\AppData\Local\Avg2013\temp folder moved successfully.

C:\Users\Richard Wright-\AppData\Local\Avg2013\log folder moved successfully.

C:\Users\Richard Wright-\AppData\Local\Avg2013 folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Richard Wright-\Desktop\cmd.bat deleted successfully.

C:\Users\Richard Wright-\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Richard Wright-

->Temp folder emptied: 21457502 bytes

->Temporary Internet Files folder emptied: 386396326 bytes

->Java cache emptied: 12176 bytes

->Flash cache emptied: 57365 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1591873 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes

RecycleBin emptied: 12788170591 bytes

 

Total Files Cleaned = 12,586.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.69.0 log created on 10152012_195219

Files\Folders moved on Reboot...

C:\Users\Richard Wright-\AppData\Local\Temp\Low\~DF036DFA668239143F.TMP moved successfully.

C:\Users\Richard Wright-\AppData\Local\Temp\Low\~DF0E2511CD312EB4A2.TMP moved successfully.

C:\Users\Richard Wright-\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Richard Wright-\AppData\Local\Trusteer\Rapport\user\logs\gp_iexplore.4188.log moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Richard Wright-\AppData\Local\Trusteer\Rapport\user\logs\gp_iexplore.6392.log moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Richard Wright-\AppData\Local\Trusteer\Rapport\user\logs\koan.4188.log moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Richard Wright-\AppData\Local\Trusteer\Rapport\user\logs\koan.6392.log moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Richard Wright-\AppData\Local\Trusteer\Rapport\user\logs\koanlight.4188.log moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Richard Wright-\AppData\Local\Trusteer\Rapport\user\logs\koanlight.6392.log moved successfully.


C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAU30YFP.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAUHNRP2.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAUTK79M.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAUXEJQT.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAV5ER4S.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAVIH42Q.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAWBAN3P.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAX94OCW.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAYAEHQV.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAYO184Y.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAYU50YO.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAZ1HURB.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\pingCAZ1J16L.js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\visit[10].js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\visit[8].js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\visit[9].js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CB8I9HOE\yql[11].js moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Richard Wright-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Posted

Hi Richard,

Wish I'd discovered this site on Friday as it would have saved me a wasted and frustrating weekend!

At least you're here now and we won't be going anywhere. :)

We're always more than happy to help.

It would be interesting if you could briefly explain in reasonably simple language what was actually wrong!

It looked like an accumulation of things.

There were a couple of dodgy toolbars which were installed along with some programs you may have installed.

The problem nowadays is that you install one program and it then in turn installs a couple of dodgy things (this is how some program makers make their money).

Sometimes these toolbars then conflict..... that's when you start to get problems.

Your Temp internet files were due for a good clean as well:

The OTL fix took care of that:

Total Files Cleaned = 12,586.00 mb

Nearly 12GB

I'll be more than happy to make a donation.

That is really appreciated, thank you.

Run the system for a day or two and if everything is still running fine, we'll finish off the cleaning process.

We don't want to let you go too early..... just in case. :cool:

Give me an update in a day or so.

Member of:

UNITE
